Appendix
Methodology of the Report
The data in this report was compiled by the Black Kite Research Team using a combination of verified sources and proprietary research, providing both reliability and depth in the analysis of third-party breaches. The data is collected from sources including public reports from reputable cybersecurity news outlets and intelligence gathered from dark web platforms and Telegram channels. Each piece of information was rigorously reviewed and validated by cybersecurity experts to maintain accuracy and relevance.
Where necessary, broader impact assessments were made using averages derived from disclosed data. This method provides a comprehensive view of the third-party risk landscape while acknowledging that the true extent of breaches is likely much greater than the available data indicates.
To avoid distorting the numbers, we treat franchises such as 100 Romanian hospitals, 40 affiliated nursing facilities in Texas and Kansas, 300 small Indian banks, 13,000 students in Singapore, and 142 hospitals across the United States as single victims.
Additionally, our analysis is limited to publicly disclosed incidents. The actual count may be as high as 800+, given an average of 10 affected companies per breach.
Many breaches remain unreported due to factors such as fear of reputational damage, legal or regulatory constraints, and a lack of awareness about the breach itself, particularly when attackers use sophisticated methods to stay undetected.
Ransomware-induced third-party breaches had an even broader impact, with up to 639 companies estimated to be affected (reflecting an average of 25 companies impacted per breach).
By combining publicly disclosed breaches with exclusive Black Kite research, this report delivers a comprehensive retrospective of third-party breaches in 2024. It examines not only the data but also the broader implications, such as the evolving strategies of threat actors, industry-specific vulnerabilities, and the lessons learned from the most significant incidents of the year. Together, this analysis aims to help organizations strengthen their defenses and foster resilience in the face of rising third-party risks.
Scope of this Report
The 6th Annual Third-Party Breach Report provides an in-depth analysis of third-party security breaches, based on both first-party research from 2024 and insights from previous years’ reports. The report focuses on understanding the evolving landscape of third-party risk management (TPRM) and its implications for TPRM professionals.
This year’s study identified 92 vendors linked to incidents that impacted 227 publicly disclosed companies, while estimates suggest that up to 700+ companies may have been affected when considering cascading impacts and undisclosed events. A detailed examination of 14 distinct attack vectors, including ransomware, unauthorized network access, and vulnerabilities, provided further insights into the methods employed by threat actors.
By combining insights from diverse sources with expert analysis, this report delivers a holistic view of third-party risk, offering organizations the tools to strengthen their defenses against emerging threats in an interconnected digital ecosystem. This analysis specifically examines breaches originating from vendor incidents that subsequently impacted both the vendors and the affected companies.
Geographical distribution of the dataset includes:
Country of Vendors that Experienced a Breach:
- 55% in the United States
- 2% in the United Kingdom
- Remaining vendors distributed across other regions globally
Country of Companies Impacted by a Third-Party Breach:
- 71% in the United States
- 6% in the United Kingdom
- 6% in Sweden
- 4% in France
- 3% in Germany
- Remaining clients spread across other countries
Overall, the third-party breach landscape in 2024 presents a delicate interplay of risks, challenges, and progress. While ransomware and unauthorized network access continue to dominate the threat landscape, improvements in software security and cyber ratings offer hope for the future. By learning from the lessons of 2024, organizations can build greater resilience and increase their preparedness against the ever-evolving cyber threats of the digital age.
Raw Statistics from the Study
The following statistics provide additional context to the findings and trends highlighted in the report. These raw numbers help illustrate the scope of the study and the patterns observed across industries and incidents.
In 2024, a total of 92 vendors were responsible for third-party breaches, affecting 227 companies. This data highlights the pervasive and significant impact of third-party security incidents across various industries.
The vendors causing these breaches were distributed across key industries, with notable patterns emerging in their respective contributions to third-party risk: 26% were in Software Services, 12% in Technical Services, and 9% in Healthcare Services.
Within the vendors of the Software industry, ransomware was the leading attack method, accounting for 48%, followed by Unauthorized Network Access at 38%, and vulnerabilities at 9%. These breaches collectively affected 70 different companies.
In the Technical Services industry, 50% of breaches were caused by Unauthorized Network Access, 40% by ransomware, and 10% by phishing attacks, impacting 25 companies. Similarly, in Healthcare Services, 75% of breaches resulted from Unauthorized Network Access and 25% from ransomware, affecting a total of 18 companies.
The industries of the companies impacted by third-party breaches show a strong concentration in Healthcare (41.2%), Finance & Insurance (14.9%), and Manufacturing (14.0%), underscoring the disproportionate risk faced by these critical sectors.
When analyzing the attack methods used against vendors, Unauthorized Network Access emerged as the most common tactic, accounting for 51.7% of incidents. Ransomware followed with 29.9%, while vulnerabilities accounted for 7%. Focusing on known attack methods (excluding Unauthorized Network Access and unknown techniques), ransomware made up a significant 66.7% of incidents, with vulnerabilities at 15.4% and phishing at 7.7%.
Cybersecurity improvements among vendors remained rare, with only 10 out of 92 vendors successfully improving their Cyber Ratings by 3 points or more. Of these vendors, 20% were from Software Services, 20% from Healthcare Services, 20% from Finance, and 40% from other industries.
In terms of the industries served by vendors with improved Cyber Ratings, 72.4% catered to Healthcare Services, 14.4% to Financial Services, and 14.4% to other sectors, demonstrating a potential correlation between sector-specific focus and cybersecurity improvement initiatives.