Main Site HUB FAQ Cybersecurity FAQs What is a Third-Party Data Breach?


What is a Third-Party Data Breach?

Third-party breaches occur when your data is stolen from third-party systems or when a vendor's systems are used to access and steal data stored on your system. In today's interconnected business world, it is common for companies to share various data with vendors. Maybe your company shares customer data with marketing companies. Maybe you share data with a company that handles billing and payment processing. Maybe you outsource deliveries to another company that has to access your sales data.

Perhaps you don't share data with other companies but do allow them access to your systems. This exposes you to vendor risk as well. A 2019 eSentire survey found that 44% of all firms surveyed had experienced a significant data breach caused by a third-party vendor. As more organizations rely on third-party vendors to conduct business, being able to manage the risk they pose is critical to success.

What is the impact of a third-party data breach?

While most companies assume a breach will only impact finances, in reality, third party data breaches affect several different aspects of enterprise operations. Below are four ways third party breaches can affect your business.

1. The financial impact

Regardless of which party is breached, data breaches are expensive. According to a recent report from IBM and the Ponemon Institute, the cost of a data breach in 2020 is $3.86 million. Keep in mind that this is just an average as breaches can cost more this. According to the report, if a third party causes the data breach, the cost tends to increase by an average of $207,000, for an adjusted average total cost of $4.06 million.

2. Legal consequences

Organizations across industries are required to follow stringent regulatory requirements when it comes to handling customer and employee data. This is also true for the third-party vendors enterprise organizations work with. As a result of this, companies are almost always subject to class action lawsuits and state investigations In the event of a vendor breach.

3. Damage to your reputation

When it comes to breaches and exposed records, it doesn’t matter if it's your vendor’s fault, or if it’s your own fault. Customer trust is difficult to regain after their information was exposed or stolen while on your servers. This can impact future partnerships and even lead to early contract terminations.

4. Increased potential for future attacks

When cybercriminals access your data through a third party, that breach may not be their endgame. Many times, cybercriminals will use a third-party breach as an opening to carry out a larger campaign of hacks, attacks, and breaches.