Third-party security issues could be the biggest threat facing your business
More than a third of all breaches of 2024 were related to third parties

- Third-party cybersecurity risks are a growing threat, report claims
- More than a third of all breaches in 2024 were related to third parties
- Retail and hospitality were most heavily hit
Third-party security issues are probably the biggest threat your business is facing, new research has claimed.
The new 2025 Global Third-Party Breach Report from SecurityScorecard analyzed 1,000 breaches across different industries and regions, and concluded that more than a third (35.5%) of all breaches in 2024 were related to third parties.
To make matters even worse, this figure is “likely conservative,” the company said, due to underreporting and misclassification.
Monitor your credit score with TransUnion starting at $29.95/month
TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.
Preferred partner (What does this mean?)
Retail and hospitality
The report further states that there has been a significant diversification of attack surfaces in 2025, compared to the year before, since less than half (46.75%) of third-party breaches involved technology products and services (down from 75% the year prior).
Looking at specific industries, SecurityScorecard found retail and hospitality to have suffered the highest third-party breach rate (52.4%), followed by the technology industry (47.3%), and the energy and utilities industry (46.7%).
Even though it had a below-average rate of 32.2%, the healthcare industry suffered the most third-party breaches in absolute numbers (78).
Geographically, Singapore fared worst (71.4%), followed by the Netherlands (70.4%), and Japan (60%).
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
SecurityScorecard also warned about the dangers of ransomware through third-party risk. More than two in five (41.4%) of all ransomware attacks now start through third parties, with the infamous Cl0p group leading the charge.
“Threat actors are prioritizing third-party access for its scalability. Our research shows ransomware groups and state-sponsored attackers increasingly leveraging supply chains as entry points. To stay ahead of these threats, security leaders must move from periodic vendor reviews to real-time monitoring to contain these risks before they escalate throughout their supply chain,” said Ryan Sherstobitoff, SVP of SecurityScorecard’s STRIKE Threat Research and Intelligence.
You might also like
- Cl0p resurgence drives ransomware attacks to new highs in 2025
- We've rounded up the best password managers
- Take a look at our guide to the best authenticator app
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.