“India is a cornerstone of the global digital economy,” said Ryan Sherstobitoff, Field Chief Threat Intelligence Officer at SecurityScorecard. “Our findings highlight both strong performance and areas where resilience must improve. Supply chain security is now an operational requirement, and SecurityScorecard is providing the visibility and intelligence to help organizations strengthen that resilience together across industries and borders.”
Key Findings
- 52.6% of Indian suppliers suffered a third-party breach; 10.7% publicly reported one.
- 26.7% of companies scored an “F” cybersecurity rating, the largest share seen in any dataset to date, while 25.3% scored an “A,” showing a highly polarized risk landscape.
- IT services and aerospace sectors had the highest average scores, demonstrating leadership, though IT providers also accounted for 62% of all third-party breaches, reflecting their role as gateways to global clients.
- Pharmaceuticals and medical devices represented 42.1% of publicly reported breaches and 38.5% of ransomware incidents, raising concerns for international healthcare supply chains.
- Semiconductor, electronics and automotive sectors showed elevated credential compromise, typosquatting and malware infections.
- Network security challenges, mismanaged certificates and poor patching, were the most common contributors to low ratings.
India in Global Context
The mean and median security scores for Indian companies (73 and 75) are slightly below the global average of 81. Like other supplier nations, India’s results highlight both areas of excellence and opportunities for improvement.
“This research is part of our ongoing global benchmarking,” Sherstobitoff added. “Every region has its strengths and vulnerabilities. India’s role in powering critical industries makes visibility and collaboration even more important.”
SecurityScorecard Recommendations
To strengthen resilience, SecurityScorecard recommends organizations:
- Continuously monitor third- and fourth-party ecosystems for emerging threats.
- Prioritize certificate management and patching, which were the most common areas of weakness.
- Pay close attention to IT and managed service providers, which are among the highest-risk vendor categories globally.
- Leverage cybersecurity ratings to inform procurement, vendor oversight and ongoing risk management.
About the Report
The full study, Third-Party Cyber Risks to Global Supply Chains: An Assessment of Key Indian Suppliers, is available from SecurityScorecard.
About SecurityScorecard
SecurityScorecard modernizes Third Party Risk Management (TPRM) using AI and threat intelligence to continuously manage, detect, and respond to global supply chain risk. The TITAN AI Platform unifies threat intelligence and third-party data to deliver real-time visibility and insights that accelerates both risk reduction and compliance. The AI platform is built to deliver the full spectrum of modern TPRM outcomes while strengthening resilience. It reduces compliance burden and administrative friction, drives measurable risk reduction, and prioritizes the most critical exposures. With robust reporting and streamlined workflows, it modernizes TPRM from a reactive compliance exercise into a proactive, risk-driven program.
Learn more at securityscorecard.com or follow us on LinkedIn.
View full press release.
Media Contact
10Fold for SecurityScorecard
securityscorecard@10fold.com
