Third-Party Risk
Cybersecurity statistics about third-party risk
64 European organisations were drawn into a ransomware or data extortion incident through a third party.
53% of the organisations drawn into third-party ransomware or data extortion incidents were traced to a single event: the August 2025 compromise of Miljödata.
16% of security professionals say supply chain and third-party risk is the boardroom cyber priority boards ask about most.
38% of organizations in MEA report reliance on third-party ecosystems and vendors, increasing supply-chain blind spots.
33% of organizations identify third-party vendors as a major visibility gap.
98% of security leaders are concerned about the risks of giving third-party AI-based systems, including large language models, access to company data.
79% of security leaders are concerned or very concerned that suppliers' and partners' AI tool use poses a cybersecurity risk to their organization.
70% of security leaders say their organizations apply risk controls only to key suppliers.
74% of IT and security professionals have experienced vulnerabilities in third-party applications.
49% of organizations include third-party applications in their current patching process.
56% of security leaders now experience cybersecurity-related downtime caused by SaaS and other third-party application issues often or very often, nearly triple the rate in 2024.
56% of organizations use embedded AI within third-party vendor tools that employees often do not recognize as using AI.
Third-party involvement occurs in 30% of financial-sector breaches.
Average downstream breach victims per vendor increased from 2.46 in 2021 to 5.28 in 2025.
Every breached vendor now compromises an average of 5.28 downstream companies.
An estimated 26,000 shadow victims remain impacted by vendor breach cascades but are never officially named.
73% of large organizations with 5,001 or more employees fall into the lowest TPRM confidence tiers.
72% of financial institutions are only partially aware of which vendors use AI, and 0% feel extremely confident managing vendor AI.
Financial institutions using manual TPRM processes are 71% more likely to receive exam findings.
34% of organizations partner externally for AI threat detection.