Third-party data breaches have become a major security concern


  • SecurityScorecard report finds most EU firms experienced a third-party data breach in 2024
  • Scandinavian countries fared best, French fared worst
  • Businesses should prioritize third-party risk next year, researchers warn

Third-party data breaches have emerged as one of the biggest threats to cybersecurity for organizations in the European Union, new research has claimed.

A SecurityScorecard report took Europe’s top 100 companies and analyzed factors such as network security, malware infections, endpoint security, patching cadence, application security, and DNS health.

It found virtually all European companies (98%) had experienced a third-party breach in the last year, meaning that practically every organization has had a partner company that was exposed. Although SecurityScorecard did not discuss it, it’s safe to assume that at least some of these organizations suffered some operational disruptions due to these breaches, especially since “just” 18% of companies reported direct breaches in the past year.

Prioritizing risks

Looking at individual verticals, SecurityScorecard says that transport was the most secure sector, with no companies receiving a low score. On the other end of the spectrum is the energy industry, where 75% of organizations scored C or lower (A being best, and F being worst). Furthermore, a quarter (25%) of energy companies reported experiencing direct breaches.

Scandinavian, British, and German firms were reported as most secure, while France had the highest rate of third- and fourth-party vendor breaches (98% and 100% respectively).

For Ryan Sherstobitoff, SVP of Threat Research and Intelligence at SecurityScorecard, third-party risk management should be a priority for all EU firms, especially with DORA right around the corner.

The DORA legislation, short for the Digital Operational Resilience Act, is a new regulatory framework from the European Union designed to enhance the cybersecurity and operational resilience of financial institutions. With it, banks, insurance companies, investment firms, and other entities in the financial sector should be more resilient to disruptions, cyberattacks, and similar incidents.

The legislation is expected to come into full effect on January 17, 2025.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.