VendorsBlack Kite
Black Kite
Cybersecurity reports and statistics published by Black Kite
8 categories9 reports
Research Reports
Reports and publications from Black Kite
2026 State of Financial Services: The Dual Storm of Ransomware and Vendor Ecosystem Risk
6/3/2026
2026 Supply Chain Vulnerability Report
5/19/2026
2026 Third-Party Breach Report: Managing Risk Concentration in the Era of Cascading Failures
3/7/2026
2025 Manufacturing Report: Why Your Supply Chain is Your Biggest Cyber Risk
10/8/2025
2025 State of Financial Services: Hidden Dangers in the Vendor Ecosystem
7/10/2025
2025 Ransomware Report How Ransomware Wars Threaten Third-Party Cyber Ecosystems
5/13/2025
2025 Supply Chain Vulnerability Report
4/8/2025
Healthcare Under Ransomware Attack
1/1/2025
Healthcare Under Ransomware Attack
1/1/2025
Recent Statistics & Reports
Every breached vendor now compromises an average of 5.28 downstream companies.
5/27/2026•
Third-Party RiskSupply Chain
The median disclosure delay after detection is 73 days.
5/27/2026•
Breach DisclosureDetection Time
Average downstream breach victims per vendor increased from 2.46 in 2021 to 5.28 in 2025.
5/27/2026•
Third-Party RiskHuman ImpactBreach Victims
The average disclosure window worsened from 76 days in 2024 to 117 days in 2025.
5/27/2026•
Breach Disclosure
It takes an average of 117 days for a breach to be publicly disclosed after discovery.
5/27/2026•
Breach DisclosureTransparency
23.34% of the global ecosystem have corporate credentials circulating on the dark web via stealer logs.
5/27/2026•
Credential TheftCorporate CredentialsDar Web
65% of manufacturing companies have at least one vulnerability listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog.
10/8/2025•
ManufacturingRansomwareVulnerabilities
Manufacturing remains ransomware's number one target. It has held the number one position for the fourth year in a row.
10/8/2025•
ManufacturingRansomware
Among companies with less than $20 million, manufacturing is the second targeted industry at 17%.
10/8/2025•
ManufacturingRansomware
75% of manufacturing companies have critical vulnerabilities with a CVSS score of 8 or higher.
10/8/2025•
ManufacturingRansomwareVulnerabilities
There has been a 9% increase in ransomware attacks on manufacturing companies compared to the previous year.
10/8/2025•
ManufacturingRansomware
For companies earning between $100 million and $300 million, manufacturing accounts for 30% of ransomware victims.
10/8/2025•
ManufacturingRansomware
Among companies earning over $1 billion, manufacturing makes up a staggering 38.9% of ransomware victims.
10/8/2025•
ManufacturingRansomware
There were 191 disclosed ransomware victims in the financial sector in 2023.
7/10/2025•
FinancialRansomware
Cl0p claimed responsibility for targeting companies using unpatched versions of Cleo's MFT products in December 2024.
7/10/2025•
FinancialCl0p
There were 156 disclosed ransomware victims in the financial sector in 2024.
7/10/2025•
FinancialRansomware
90 third-party vendors are flagged with high-risk threat categories. Among these, 35 vendors are marked with Known Exploited Vulnerabilities (KEV) tags.
7/10/2025•
FinancialThird-party vendorsVulnerabilities
Black Kite researchers found that 31 out of 140 third-party vendors have at least one critical vulnerability with a CVSS at or above 8. 15 vendors show an extremely high risk with CVSS scores above 9.
7/10/2025•
FinancialThird-party vendorsVulnerabilities
Nearly one-third (26.6%) of finance threat actors are attributed to "Other", which includes emerging or short-lived groups, highlighting a more fragmented and unpredictable ransomware landscape.
7/10/2025•
FinancialRansomware
As of mid-2025, only 55 ransomware victims have been disclosed in the financial sector.
7/10/2025•
FinancialRansomware
Showing 21-40 of 74 results