Third-Party Risk
Cybersecurity statistics about third-party risk
Related Topics
Showing 1-20 of 44 results
53% of the organisations drawn into third-party ransomware or data extortion incidents traced to a single event: the August 2025 compromise of Miljödata.
64 European organisations were drawn into a ransomware or data extortion incident through a third party.
16% of security professionals say supply chain and third-party risk is the boardroom cyber priority boards ask about most.
38% of organizations in MEA report reliance on third-party ecosystems and vendors, increasing supply-chain blind spots.
70% of security leaders say their organizations apply risk controls only to key suppliers.
79% of security leaders are concerned or very concerned that suppliers' and partners' AI tool use poses a cybersecurity risk to their organization.
98% of security leaders are concerned about the risks of giving third-party AI-based systems, including large language models, access to company data.
33% of organizations identify third-party vendors as a major visibility gap.
56% of organizations use embedded AI within third-party vendor tools that employees often do not recognize as using AI.
56% of security leaders now experience cybersecurity-related downtime caused by SaaS and other third-party application issues often or very often, nearly triple the rate in 2024.
74% of IT and security professionals have experienced vulnerabilities in third-party applications.
49% of organizations include third-party applications in their current patching process.
Third-party involvement occurs in 30% of financial-sector breaches.
26% of the most mature TPRM programs report TPRM delivering high value across the organization.
Average downstream breach victims per vendor increased from 2.46 in 2021 to 5.28 in 2025.
Every breached vendor now compromises an average of 5.28 downstream companies.
An estimated 26,000 shadow victims remain impacted by vendor breach cascades but are never officially named.
73% of large organizations with 5,001 or more employees fall into the lowest TPRM confidence tiers.
72% of financial institutions are only partially aware of which vendors use AI, and 0% feel extremely confident managing vendor AI.
Financial institutions using manual TPRM processes are 71% more likely to receive exam findings.