Most data breaches in the enterprise attack the supply chain

The vast majority of data breaches in the enterprise occurred through the software and technology supply chain.

This is according to a new research paper published by SecurityScorecard, which claims 75% of all third-party breaches targeted the software and technology supply chains, mostly because threat actors can scale their operations “with minimal effort” that way. 

What’s more, 75% of organizations are at the “highest levels of maturity”, as their third-party risk programs have been manual as of 2021. “Companies must work toward automating vendor identification and cyber risk management across their entire digital ecosystem,” the researchers concluded.

The States in focus

It’s worth noting that the majority of the breaches analyzed for the report were related to the MOVEit managed file transfer software. This product was found vulnerable in a way that allowed threat actors to exfiltrate sensitive data from its users.

Almost two-thirds (61%) of all third-party breaches were attributed to MOVEit. To make things worse, 64% of all third-party breaches were linked to Cl0p, the ransomware operators who were said to be the first ones to exploit the MOVEit flaw. LockBit, another infamous ransomware operator, took up just 7%.

Of all the different industries, the healthcare vertical was most affected by third-party breaches, making up 35% of all attacks. Healthcare-related data is highly prized by hackers.

Leaking it can cause all kinds of problems to the organization it was stolen from, which makes them more inclined to pay a potential ransom demand. Alternatively, threat actors can sell it well on the dark web.

Finally, two-thirds (64%) of all third-party breaches happened in North America, of which 63% were in the United States. SecurityScorecard does stress that this data may be somewhat skewed, as both the media and the security industry are “overwhelmingly” focused on English-speaking countries, and the US specifically.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
