Many firms are working with risky third party vendors

Cyberattack
(Image credit: Future)

Despite having well-defended digital premises and endpoints, many firms are at risk of cyberattacks because they work with different vendors and third parties that aren’t as secure. 

This is according to a new report from cybersecurity ratings firm SecurityScorecard, which analyzed more than 235,000 organizations worldwide, as well as 73,000 vendors and products they use, to find that virtually all firms (98%) have vendor relationships with at least one third party that suffered a data breach in the last two years. 

What’s more, half of the organizations have indirect relationships (as in used by the third-party vendors) with at least 200 companies that suffered a cyberattack in the last two years.

F for security

For every third-party vendor in a supply chain, businesses usually have indirect relationships with 60 to 90 times that number of fourth-party relationships, the researchers have found. With third parties being up to five times more likely to exhibit poor security, the risk quickly compounds. 

Roughly a tenth (10%) of all third parties analyzed for the report were rated F for security. 

Looking at different industries, the information services sector has an average of 25 vendors, while the finance sector has 6.5 on average. Healthcare averaged 15.5 vendors, while insurance has 11. Each one poses a significant risk to the original organization. 

Cybercriminals seem to be well aware of these facts, as supply chain attacks became one of the most devastating forms of cybercrime lately. The SUNBURST attack, in which just one company had its software compromised, and which resulted in up to a hundred organizations being affected, is just one of the examples.

“An organization’s attack surface spans beyond just the technology that they own or control, ” said Aleksandr Yampolskiy, co-founder and CEO of SecurityScorecard.

“Organizations need visibility into the security ratings of their entire third and fourth party ecosystem so that they can know in an instant whether an organization deserves their trust and can take proactive steps to mitigate risk.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
Third-party data breaches have become a major security concern
Concept art representing cybersecurity principles
What businesses need for modern third-party risk management
Holographic representation of cloud computing over open businessman's hand
Businesses are struggling to address vulnerabilities hidden in phantom dependencies
A hand reaching out to touch a futuristic rendering of an AI processor.
Rethinking vendor risk management in the age of AI and automation
Closing the cybersecurity skills gap
The critical need for watertight security across the IT supply chain
Best email services: image of email with one unread message alert
Over 400 million unwanted and malicious emails were received by businesses in 2024
Latest in Security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Latest in News
A young woman is working on a laptop in a relaxed office space.
I’ll admit, Microsoft’s new Windows 11 update surprised me with its usefulness, providing accessibility fixes, a gamepad keyboard layout, and PC spec cards
inZOI promotional material.
inZOI has become the most wishlisted game on Steam, but I wouldn't get too caught up in the hype
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Nespresso Vertuo Pop machine in Candy Pink with coffee drinks and capsules
My favorite Nespresso coffee maker just got a fresh new makeover, and now I love it even more
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC