About This Report

As the 6th installment of our annual third-party data breach report series, the 2025 report reflects a longstanding commitment to understanding third-party cyber risks and their impact on industries and ecosystems.

Objectives

The primary objectives of this report are:

  1. To analyze major third-party cyber incidents of 2024, including data breaches, ransomware attacks, and operational disruptions.
  2. To understand the broader implications of these incidents on industries and ecosystems.
  3. To provide actionable recommendations and highlight best practices for mitigating third-party risks.

Methodology

The findings and insights in this report are derived from a combination of sources, including:

  • Analysis of public breach disclosures and regulatory filings.
  • Data collected through Black Kite’s proprietary tools, such as FocusTags™ and the Supply Chain module.
  • Inputs from industry research and thought leadership.

By integrating these data points, the report provides a robust overview of the challenges and lessons from 2024, equipping organizations with the knowledge needed to navigate the complex third-party cyber threat landscape.

Clarifications

It is essential to note that the data presented in this report is based on publicly disclosed incidents and does not represent the total number of third-party cyber events. The raw numbers and additional statistics from the study are provided in the Appendices section for further context. Many organizations choose not to disclose breaches or disruptions, and as such, this report reflects a representative sample of available data.

< Previous
Next >