BOSTON – Feb 1, 2023
Black Kite, the leader in third-party cyber risk intelligence, today released its annual Third-Party Breach Report, which examines the impact of third-party cyber breaches in 2022. The level of breach impact and destruction was catastrophic, doubling in 2022 with 4.73 affected companies per vendor compared to 2.46 companies per vendor in 2021. With 63 third-party breaches analyzed and at least 298 publicly disclosed victims last year alone, the magnitude of attack continues to increase significantly, putting organizations at heightened risk in 2023.
“Today’s cyber landscape is riskier, costlier, and more complicated than ever before. Bad actors are capitalizing on global disruption with destructive third-party breaches, allowing them to compromise multiple victims in one fell swoop,” said Bob Maley, CSO at Black Kite. “Cybersecurity leaders must become as agile as the adversary, and that begins with keeping a continuous pulse on your digital ecosystem’s cyber posture.”
The report’s key findings include:
- Unauthorized network access was the most common root cause of third-party attacks, initiating 40% of the third-party breaches last year. The rise is partially due to the remote work model that has become prevalent with the pandemic.
- Ransomware accounted for 27% of third-party breaches in 2022 – a decrease from 2021 due to Russian sanctions, which hinder the ability of Russian-based cybercriminals to act.
- The average time between an attack and the disclosure date was 108 days, with a 50% increase from 2021 – giving threat actors more time to cause significant damage with stolen data.
- Technical services vendors (providing infrastructure services) were the top target of third-party breaches. In the top three for a fourth consecutive year, these vendors were included in 30% of incidents.
- The healthcare industry was the most common victim of third-party breaches, accounting for 34% of incidents in 2022 – an increase from 2021 – followed by finance (14%) and government (14%).
“Global business ecosystems continue to get more complex, with every organization increasingly impacted by the cybersecurity posture of their partners, and their partners’ partners, and so on,” said Jeffrey Wheatman, Cyber Risk Evangelist at Black Kite. “The reality is your attack surface is much bigger than the stuff you can control. But the good news is, you can assess and monitor your extended ecosystem to spot vulnerabilities, take action and avoid catastrophe.”
Black Kite provides third-party risk intelligence from a technical, financial and compliance perspective to eliminate false positives and ensure a holistic approach to vendor risk management. In addition to the 2023 Third-Party Breach Report, part of an annual research report series, Black Kite offers in-depth industry analysis reports, ransomware research, and more.
To learn more about Black Kite, visit: blackkite.com
About Black Kite
Black Kite is the only Cyber Security Ratings Service (SRS) to deliver the highest quality intelligence that helps leaders make better risk decisions for their organizations. Built from the hacker’s perspective, our standards-based third-party cyber risk monitoring platform is purpose-built to provide shareable and quantifiable analysis that prioritizes vendor risk, automates compliance framework mapping, and transforms defensible risk decision-making.
With 1,000+ customers across the globe and counting, we’re committed to improving the health and safety of the entire planet’s cyber ecosystem with the industry’s most accurate and comprehensive cyber intelligence. Black Kite provides the only standards-based cyber risk assessments that fully analyze a supply chain’s cybersecurity posture from three critical dimensions: technical, financial and compliance.