Skip to main content
HomeTopicsThird-Party Risk

Third-Party Risk

Cybersecurity statistics about third-party risk

Showing 1-20 of 44 results

64 European organisations were drawn into a ransomware or data extortion incident through a third party.

Black Kite6/28/2026
RansomwareSupply Chain

53% of the organisations drawn into third-party ransomware or data extortion incidents traced to a single event: the August 2025 compromise of Miljödata.

Black Kite6/28/2026
RansomwareSupply Chain

16% of security professionals say supply chain and third-party risk is the boardroom cyber priority boards ask about most.

Filigran6/20/2026
Supply ChainBoardroom Risk

38% of organizations in MEA report reliance on third-party ecosystems and vendors, increasing supply-chain blind spots.

Veeam6/20/2026
Supply ChainMiddle East

33% of organizations identify third-party vendors as a major visibility gap.

Veeam6/20/2026
Operational Visibility

98% of security leaders are concerned about the risks of giving third-party AI-based systems, including large language models, access to company data.

CSC6/20/2026
Data SecurityThird-Party AI

79% of security leaders are concerned or very concerned that suppliers' and partners' AI tool use poses a cybersecurity risk to their organization.

CSC6/20/2026
AI

70% of security leaders say their organizations apply risk controls only to key suppliers.

CSC6/20/2026
Supply Chain

74% of IT and security professionals have experienced vulnerabilities in third-party applications.

Adaptiva5/27/2026
Vulnerability ManagementThird-Party Applications

49% of organizations include third-party applications in their current patching process.

Adaptiva5/27/2026
Patch ManagementThird-Party Applications

56% of security leaders now experience cybersecurity-related downtime caused by SaaS and other third-party application issues often or very often, nearly triple the rate in 2024.

Splunk5/27/2026
DowntimeOperational Resilience

56% of organizations use embedded AI within third-party vendor tools that employees often do not recognize as using AI.

Optro5/27/2026
AI Adoption

Third-party involvement occurs in 30% of financial-sector breaches.

Filigran5/27/2026
Supply ChainFinancial Sector

Average downstream breach victims per vendor increased from 2.46 in 2021 to 5.28 in 2025.

Black Kite5/27/2026
Human ImpactBreach Victims

Every breached vendor now compromises an average of 5.28 downstream companies.

Black Kite5/27/2026
Supply Chain

An estimated 26,000 shadow victims remain impacted by vendor breach cascades but are never officially named.

Black Kite5/27/2026
Supply ChainShadow Victims

73% of large organizations with 5,001 or more employees fall into the lowest TPRM confidence tiers.

Ncontracts5/27/2026
Financial ServicesTPRM

72% of financial institutions are only partially aware of which vendors use AI, and 0% feel extremely confident managing vendor AI.

Ncontracts5/27/2026
Financial ServicesTPRM

Financial institutions using manual TPRM processes are 71% more likely to receive exam findings.

Ncontracts5/27/2026
Financial ServicesTPRM

34% of organizations partner externally for AI threat detection.

HiddenLayer5/27/2026
AI Threat Detection