More Findings From the Report
The report’s key findings include:
- Technical services vendors (providing infrastructure services) were the top target of third-party breaches. In the top three for a fourth consecutive year, these vendors were included in 30% of incidents.
- The healthcare industry was the most common victim of third-party breaches, accounting for 34% of incidents in 2022 – an increase from 2021 – followed by finance (14%) and government (14%).
- Unauthorized network access was the most common root cause of third-party attacks, initiating 40% of the third-party breaches last year. The rise is partially due to the remote work model that has become prevalent with the pandemic.
- Ransomware accounted for 27% of third-party breaches in 2022, a decrease from 2021 due to Russian sanctions, which hinder the ability of Russian-based cybercriminals to act.
- The average time between an attack and the disclosure date was 108 days, a 50% increase from 2021, giving threat actors more time to cause significant damage with stolen data.
“Global business ecosystems continue to get more complex, with every organization increasingly impacted by the cybersecurity posture of their partners, and their partners' partners, and so on. The reality is your attack surface is much bigger than the stuff you can control. But the good news is, you can assess and monitor your extended ecosystem to spot vulnerabilities, take action and avoid catastrophe.”