Black Kite’s Fifth Annual Third-Party Breach Report Highlights Ripple Effects of Cyber-Ecosystem Breaches

BRITE research team analyzed 81 breaches impacting 251 companies in 2023 to identify top trends

BOSTON – March 21, 2024

Black Kite, the leader in third-party cyber risk intelligence, today released its fifth annual Third-Party Breach Report. The industry’s most comprehensive report, which is based on observable data and real incidents, analyzed 81 vendor breaches impacting 251 companies in 2023. In it the Black Kite research and intelligence team (BRITE) highlighted how third-party data breaches create critical weak spots in extended networks, potentially leaving businesses open to cyber attacks, which can have a negative ripple effect across the organization and its vast stakeholders.

“Last year demonstrated a complex tapestry of third-party data breaches. The report underscores the importance of strong software security and real-time third-party risk management to spot and respond to vulnerabilities and threats early,” said Ferhat Dikbiyik, head of research at Black Kite. “For businesses, the lessons are clear: enhance vigilance, foster transparency and continuously improve cybersecurity practices will ensure their data, and their stakeholders’, are safeguarded and digital business integrity is protected.”

According to the data, unauthorized network access was the leading cause of breaches, accounting for over half (53%) of third-party breach incidents. This was a 26% increase from 2022, with ransomware being the most common method of compromise. Additionally, breach disclosure time significantly decreased last year; companies reported incidents within 76 days on average in 2023, compared to 108 days in 2022, proving that organizations have more awareness of security but now need better tools to understand their risk.

The second most common cause of breaches was ransomware attacks, with 28.5% of all attacks being caused by ransomware. These notable and large scale breaches demonstrate the need to better understand which companies in a supply chain are susceptible to a ransomware attack so that organizations can avoid business disruption. 

To better secure organizations, proactive strategies against third-party risk are necessary, as the cybersecurity landscape is unpredictable and constantly changing. The data in Black Kite’s report explores the negative impact from third-party breaches and discusses lessons learned from attacks in 2023. According to the report, 40% of companies that suffered from a data breach caused by a vendor were indirectly affected by ransomware group CL0P’s mass exploitation of vulnerabilities in MOVEit and GoAnywhere, highlighting the need for continuous monitoring of third-party vendors since point-in-time assessments aren’t able to keep up with rapidly evolving cyber threats. Additionally, the report showed that large companies, with revenues more than $10 billion, are the hardest hit by ransomware attacks on their vendors suggesting that monitoring your most critical vendors isn’t enough.  

Black Kite’s annual report explores third-party breach trends including the leading causes of breaches, the most active threat groups, vendors most at risk, average response time, and victim profiles, among other insights. The report concludes: 

  • Vendors in technical services remained the primary source of third-party breaches for the fourth consecutive year, comprising over one-third (35%) of incidents.
  • Healthcare remained the number one industry affected by third-party breach incidents (33%). 
  • More than 890 educational institutions experienced third-party breaches due to the MOVEit vulnerability’s impact on the National Student Clearinghouse.
  • The U.S. was the number one country impacted by third-party breaches. 
  • There was a 29% increase in third-party breaches, but the total number of companies impacted per vendor incident decreased by 16% year-over-year.

“Overall we are seeing better risk scores for companies that we are monitoring at Black Kite. This is a positive sign as it’s a direct result of more companies working to improve their security postures after they experience an incident. It further demonstrates that despite incessant attacks from malicious actors, more organizations are taking faster action after an attack,” said Gokcen Tapkan, director of data research at Black Kite. “However, there remains a critical need for stronger market insights in order to safeguard organizations against evolving attacks and advanced tools like Black Kite’s AI-based cyber risk intelligence platform, to empower companies to better understand and mitigate risk.”

Black Kite provides security and business experts with the industry’s most accurate, timely, comprehensive and operational cyber risk intelligence. Through BRITE’s regular industry intelligence, including its monthly ransomware report dashboard, companies can make more informed risk and business decisions to better protect their organizations from falling victim to an attack. 

To download the report, visit the website

About Black Kite

Black Kite gives companies a comprehensive, real-time view into cyber ecosystem risk so they can make informed risk decisions and improve business resilience while continuously monitoring more vendors, partners, and suppliers in an ever-changing digital landscape.

Through an automated process, and a combination of threat, business and risk information, Black Kite provides cyber risk intelligence that goes beyond a simple risk score or rating.

Black Kite serves more than 1,500 customers in a wide range of industries and has received numerous industry awards and recognition from customers.

Learn more at, on the Black Kite blog.

Copyright © 2023 Black Kite, Inc. All rights reserved. All other brand names, product names, or trademarks belong to their respective holders.


Geena Pickering
Look Left Marketing
Email: [email protected]