Vendor Risk
Cybersecurity statistics about vendor risk
Related Topics
Showing 1-16 of 16 results
70% of healthcare leaders are confident in their vendors' cybersecurity posture.
85% of healthcare practices experienced at least one operational disruption caused by a third-party or vendor-of-a-vendor failure in the past 12 months.
54% of the 140 vendors whose client base is meaningfully concentrated in finance carry at least one vulnerability listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
From 2024 to 2025, the number of critical vulnerabilities carried across vendors serving the financial sector increased 387%.
Among the 140 vendors whose client base is meaningfully concentrated in finance, critical vulnerabilities increased 181%.
Vendor-related cybersecurity incidents among schools districts rose from 4% in 2023 to 32% in 2025.
Where IT/OT alignment weakens in organizations in manufacturing and critical infrastructure sectors, vendor-related incident exposure nearly triples.
Organizations that get verifiable transparency data from vendors see 64% quicker implementation of new technology.
Organizations in manufacturing and critical infrastructure sectors managing 21–100 external vendors report the highest incident exposure levels.
Vendor-related losses represent 18% of total losses in Resilience's 2025 claims portfolio.
Nearly all organisations (99%) assess vendor risk.
Half of financial institutions surveyed oversee 300+ vendors.
Of the financial institutions who experienced a vendor-related cyber incident, 8% had recovery times more than 90 days .
Of the financial institutions who experienced a vendor-related cyber incident, 66% had recovery times under 60 days .
73% of financial institutions have two or fewer full-time employees managing vendor risk.
49% of financial institutions experienced a vendor-related cyber incident in the past year.