VendorsBlack Kite
Black Kite
Cybersecurity reports and statistics published by Black Kite
8 categories9 reports
Research Reports
Reports and publications from Black Kite
2026 State of Financial Services: The Dual Storm of Ransomware and Vendor Ecosystem Risk
6/3/2026
2026 Supply Chain Vulnerability Report
5/19/2026
2026 Third-Party Breach Report: Managing Risk Concentration in the Era of Cascading Failures
3/7/2026
2025 Manufacturing Report: Why Your Supply Chain is Your Biggest Cyber Risk
10/8/2025
2025 State of Financial Services: Hidden Dangers in the Vendor Ecosystem
7/10/2025
2025 Ransomware Report How Ransomware Wars Threaten Third-Party Cyber Ecosystems
5/13/2025
2025 Supply Chain Vulnerability Report
4/8/2025
Healthcare Under Ransomware Attack
1/1/2025
Healthcare Under Ransomware Attack
1/1/2025
Recent Statistics & Reports
Among the 140 vendors whose client base is meaningfully concentrated in finance, critical vulnerabilities increased 181%.
6/6/2026•
Vendor RiskVulnerabilitiesFinancial Services
Critical-level patch management failures were present in 78% of the 140 vendors whose client base is meaningfully concentrated in finance.
6/6/2026•
Patch ManagementFinancial Services
Banks reported 71 ransomware disclosures in 2023 compared to 44 disclosures by investment firms, while by 2025 banks fell to 36 disclosures and investment firms rose to 84 disclosures (41.6% of all incidents).
6/6/2026•
RansomwareFinancial Services
Direct ransomware attacks on financial institutions spiked 76% year-over-year in Q1 2026.
6/6/2026•
RansomwareFinancial Services
Across all financial services vendors, 50.2% carry high-severity CVEs.
6/6/2026•
Vulnerability ManagementFinancial ServicesCVEs
The number of distinct threat groups targeting finance increased from 37 in 2023 to 45 in 2024 and to 48 in 2025.
6/6/2026•
Threat ActorsFinancial Services
Over 48,000 CVEs were published globally in 2025, an 18% year-on-year increase.
6/6/2026•
VulnerabilitiesCVEs
In September 2025, Qilin's compromise of a single South Korean MSP affected 32 financial institutions and resulted in over 2 terabytes of stolen data.
6/6/2026•
RansomwareData TheftQilin
Qilin was responsible for 59 finance-sector incidents in the past year.
6/6/2026•
Threat ActorsRansomwareQilin
From 2024 to 2025, the number of critical vulnerabilities carried across vendors serving the financial sector increased 387%.
6/6/2026•
VulnerabilitiesVendor RiskFinancial Services
54% of the 140 vendors whose client base is meaningfully concentrated in finance carry at least one vulnerability listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
6/6/2026•
Exploit CatalogsVendor RiskFinancial Services
Reported ransomware incidents targeting finance increased 30% from 2024 to 2025.
6/6/2026•
RansomwareFinancial Services
2,130 AI-related vulnerabilities were reported in 2025, a more than 200% increase since 2023.
5/27/2026•
AI SecurityVulnerabilities
More than 48,000 CVEs were published in 2025, an 18% increase year-over-year.
5/27/2026•
VulnerabilitiesCybersecuritySupply Chain
Attackers exploited vulnerabilities an average of seven days before public disclosure in 2025.
5/27/2026•
ExploitationVulnerability ManagementCybersecurity
Of the 48,000+ CVEs published in 2025, only 58 represented a genuine, discoverable, and exploitable threat to enterprise supply chains.
5/27/2026•
VulnerabilitiesSupply ChainCybersecurity
433 million people are publicly disclosed as impacted by third-party breaches.
5/27/2026•
Data BreachHuman ImpactThird-Party Breach
53.77% of organizations show at least one critical vulnerability detected (patch management failure).
5/27/2026•
Vulnerability ManagementPatch Management
Most vendors detect compromises within a median of 10 days.
5/27/2026•
Detection TimeIncident ResponseCompromise Detection
An estimated 26,000 shadow victims remain impacted by vendor breach cascades but are never officially named.
5/27/2026•
Supply ChainThird-Party RiskShadow Victims
Showing 1-20 of 74 results