Black Kite vs. The Competition See the Difference →

Ransomware Accounted for 27% of Third-Party Attacks in 2021, According to Black Kite’s Annual ‘Third-Party Breach Report’

Healthcare Industry Most Vulnerable to Third-Party Breaches

BOSTON  – Jan 20, 2022

Black Kite, the leader in third-party cyber risk intelligence, today released its annual Third-Party Breach Report, which examines the impact of third- party cyber breaches in 2021.Ransomware was the most common attack method behind third-party breaches in 2021, initiating more than one out of four incidents analyzed.

Despite immense cybersecurity improvements following the onset of the Covid-19 pandemic, the healthcare industry was the most common victim of attacks caused by third parties, accounting for 33% of incidents last year. With its rich and diverse personally-identifiable information (PII) data, the government sector accounted for 14% of third party attacks in 2021.

Attackers were able to infiltrate networks and steal data through a variety of methods including exploiting weak passwords and access controls to gain unauthorized network access. Insecure external facing servers and databases also provided easy access to valuable data. Overall, 1.5 billion users’ personally-identifiable information (PII) was leaked as a result of third-party breaches in 2021.

Software publishers ranked as the most at-risk vendor for a third consecutive year. Exploitations of software vulnerabilities have led to some of the most notable attacks over the last few years, including the 2020 Solar Winds attack.

“Threat actors have become more agile over the years, particularly with increased ransomware attacks revealing a sense of heightened agility and skill,” said Bob Maley, Chief Security Officer at Black Kite. “This is not just a change from 2021, but an overall message. Attack methods are becoming more clever, more detailed, with flexibility and dexterity. If agile attack methods are improving, our response must match, if not counter their growth.”

In addition to the annual detailed report, Black Kite continuously monitors publicly-disclosed third-party breaches throughout the year, identifying dates of occurrence, companies affected, and the types of data leaked.

About the Black Kite Third-Party Breach Report

Black Kite Research analyzed 81 individual third-party incidents, which ultimately lead to more than 200 publicly disclosed headline breaches throughout the year (with thousands of other breaches in the full ripple effect). Analysts studied why certain industry sectors faced higher susceptibility to an attack, as well as the most vulnerable vendors to the initial breach themselves.

To download the 2022 Third-Party Breach Report, visit here.

About Black Kite

One in four organizations suffered from a cyber attack in the last year, resulting in production, reputation and financial losses. The real problem is adversaries attack companies via third parties, island-hopping their way into target organizations. At Black Kite, we’re redefining vendor risk management with the world’s first global third-party cyber risk monitoring platform, built from a hacker’s perspective.

With 300+ customers across the globe and counting, we’re committed to improving the health and safety of the entire planet’s cyber ecosystem with the industry’s most accurate and comprehensive cyber intelligence. While other security ratings service (SRS) providers try to narrow the scope, Black Kite provides the only standards-based cyber risk assessments that analyze your supply chain’s cybersecurity posture from three critical dimensions: technical, financial and compliance.


Danielle Lewan, VP of Marketing
Black Kite, Inc.
Email: [email protected]
Phone: (706) 474-5703