Third-party data breaches have become a major security concern

  • SecurityScorecard report finds most EU firms experienced a third-party data breach in 2024
  • Scandinavian countries fared best, France fared worst
  • Businesses should prioritize third-party risk next year, researchers warn

Third-party data breaches have emerged as one of the biggest threats to cybersecurity for organizations in the European Union, new research has claimed.

A SecurityScorecard report took Europe’s top 100 companies and analyzed factors such as network security, malware infections, endpoint security, patching cadence, application security, and DNS health.

It found virtually all European companies (98%) had experienced a third-party breach in the last year, meaning that practically every organization has had a partner company that was exposed. Although SecurityScorecard did not discuss it, it’s safe to assume that at least some of these organizations suffered some operational disruptions due to these breaches, especially since “just” 18% of companies reported direct breaches in the past year.

Prioritizing risks

Looking at individual verticals, SecurityScorecard says that transport was the most secure sector, with no companies receiving low scores. On the other end of the spectrum is the energy industry, with 75% of organizations scoring C or lower (A being best, and F being worst). Furthermore, a quarter (25%) reported experiencing direct breaches.

Scandinavian, British, and German firms were reported as most secure, while France had the highest rate of third- and fourth-party vendor breaches (98% and 100% respectively).

For Ryan Sherstobitoff, SVP of Threat Research and Intelligence at SecurityScorecard, third-party risk management should be a priority for all EU firms, especially with DORA right around the corner.

The DORA legislation, short for the Digital Operational Resilience Act, is a new regulatory framework from the European Union designed to enhance the cybersecurity and operational resilience of financial institutions. With it, banks, insurance companies, investment firms, and other entities in the financial sector should be more resilient to disruptions, cyberattacks, and similar incidents.

The legislation is expected to come into full effect on January 17, 2025.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.