Global Third Party Breach Report

Actionable insights to reduce third-party cyber risks.

This report analyzes 1,000 breaches to provide security leaders with critical insights into industry-specific risks, attack methods, and threat actor tactics. Findings are based on SecurityScorecard’s proprietary risk and threat dataset.

Key Findings:

• 35.5% of breaches in 2024 were linked to third-party access, a 6.5% increase from 2023. The most frequently compromised vendors provided IT services, cloud platforms, and software solutions, with file transfer software vulnerabilities being the most exploited attack vector.
• 41.4% of ransomware attacks involved third-party access, with C10p responsible for the largest share, primarily exploiting file transfer and remote access software.
• Retail (52.4%), technology (46.75%), and energy (46.7%) experienced the highest third-party breach rates, with stolen credentials and software supply chain compromises as primary attack vectors.
• Two exploited file transfer software vulnerabilities accounted for 63.5% of all third-party vulnerability-driven breaches, impacting thousands of organizations.

Download the report now by filling out this form.