Written by: Ferhat Dikbiyik, Chief Research & Intelligence Officer

Last year saw no shortage of headline-grabbing cybersecurity incidents. At Black Kite, we dove into these events and analyzed the threat landscape for emerging trends to inform our annual Third-Party Breach Report.

What did we find? We’re calling 2024 the year of the “silent breach,” as unnoticed vulnerabilities within third-party networks repeatedly exposed the fragility of online ecosystems.

Top 3 Takeaways from our Third-Party Breach Report

Read on for some of our biggest takeaways from the past 12 months and how to apply those learnings to 2025.

The Cascading Impacts from a Breach Reach Far and Wide

These days, the damage caused by a cyber incident is no longer constrained to a single company. As our world becomes more interconnected, we’re seeing the cascading effects of a breach spread widely across industries, geographies, and consumers.

  • 26%: Software services was the predominant source for breaches in 2024 and saw a significant increase from 2023. 
  • 41.2%: Most companies that felt the cascading impacts of vendor breaches were in the healthcare industry. 
  • 55%: The majority of vendors targeted in attacks are based in the U.S. Similarly, 71% of companies experiencing cascading effects are also based in the U.S.

Many Bad Actors Still Rely on Known Attack Vectors

We’ve all heard the maxim that the threat landscape is constantly evolving. While this is true, with new bad actors emerging regularly, many of 2024’s cyber incidents were caused by tried-and-true attack methods, such as ransomware, persistent vulnerabilities, and credential misuse.

  • 51.7%: Unauthorized network access remains a pervasive issue, accounting for half of publicly disclosed incidents (with many details remaining unknown).
  • 66.7%: Ransomware was the second most common attack vector, accounting for two-thirds of all known attack methods. Third-party vectors were central to many ransomware campaigns. 
  • 56%: Compared to previous years, 2024 saw an estimated 56% increase in zero-day vulnerabilities. Credential misuse and delayed vulnerability patching were significant challenges for third-party systems.

Collaboration Is Critical Moving Forward

The security practices of a single company can impact millions of individuals. Moving forward, we’ll need proactive, cross-industry collaboration to address the systemic risks of third-party vulnerabilities. 

  • 20% / 20% / 20%: Of vendors that improved their cyber ratings following a breach, 20% were in software services, 20% in healthcare, and 20% in finance.
  • 62.5%: A majority of healthcare vendors improved their cybersecurity posture following an incident—the most of any industry. This may be due to regulatory requirements from frameworks like HIPAA.

Learn from the 2024 Data Breaches & Improve Third-Party Security in 2025

Last year taught us that more often than not, our greatest security weaknesses are just out of sight. Fortunately, the challenges of 2024 also reveal a clear path forward. Adopting a proactive, collaborative approach to third-party security can lead to more resilient supply chains and better position organizations to mitigate risk. 

If you’d like to read more actionable recommendations for your cybersecurity strategy in 2025, read our full report, 2025 Third-Party Breach Report, The Silent Breach: How Third Parties Became the Biggest Cyber Threat in 2024 (no download required).


