Skip to main content
VendorsBlack Kite

Black Kite

Cybersecurity reports and statistics published by Black Kite

8 categories9 reports

Recent Statistics & Reports

Every breached vendor now compromises an average of 5.28 downstream companies.

5/27/2026
Third-Party RiskSupply Chain

The median disclosure delay after detection is 73 days.

5/27/2026
Breach DisclosureDetection Time

Average downstream breach victims per vendor increased from 2.46 in 2021 to 5.28 in 2025.

5/27/2026
Third-Party RiskHuman ImpactBreach Victims

The average disclosure window worsened from 76 days in 2024 to 117 days in 2025.

5/27/2026
Breach Disclosure

It takes an average of 117 days for a breach to be publicly disclosed after discovery.

5/27/2026
Breach DisclosureTransparency

23.34% of the global ecosystem have corporate credentials circulating on the dark web via stealer logs.

5/27/2026
Credential TheftCorporate CredentialsDar Web

65% of manufacturing companies have at least one vulnerability listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog.

10/8/2025
ManufacturingRansomwareVulnerabilities

Manufacturing remains ransomware's number one target. It has held the number one position for the fourth year in a row.

10/8/2025
ManufacturingRansomware

Among companies with less than $20 million, manufacturing is the second targeted industry at 17%.

10/8/2025
ManufacturingRansomware

75% of manufacturing companies have critical vulnerabilities with a CVSS score of 8 or higher.

10/8/2025
ManufacturingRansomwareVulnerabilities

There has been a 9% increase in ransomware attacks on manufacturing companies compared to the previous year.

10/8/2025
ManufacturingRansomware

For companies earning between $100 million and $300 million, manufacturing accounts for 30% of ransomware victims.

10/8/2025
ManufacturingRansomware

Among companies earning over $1 billion, manufacturing makes up a staggering 38.9% of ransomware victims.

10/8/2025
ManufacturingRansomware

There were 191 disclosed ransomware victims in the financial sector in 2023.

7/10/2025
FinancialRansomware

Cl0p claimed responsibility for targeting companies using unpatched versions of Cleo's MFT products in December 2024.

7/10/2025
FinancialCl0p

There were 156 disclosed ransomware victims in the financial sector in 2024.

7/10/2025
FinancialRansomware

90 third-party vendors are flagged with high-risk threat categories. Among these, 35 vendors are marked with Known Exploited Vulnerabilities (KEV) tags.

7/10/2025
FinancialThird-party vendorsVulnerabilities

Black Kite researchers found that 31 out of 140 third-party vendors have at least one critical vulnerability with a CVSS at or above 8. 15 vendors show an extremely high risk with CVSS scores above 9.

7/10/2025
FinancialThird-party vendorsVulnerabilities

Nearly one-third (26.6%) of finance threat actors are attributed to "Other", which includes emerging or short-lived groups, highlighting a more fragmented and unpredictable ransomware landscape.

7/10/2025
FinancialRansomware

As of mid-2025, only 55 ransomware victims have been disclosed in the financial sector.

7/10/2025
FinancialRansomware

Showing 21-40 of 74 results