
Black Kite, a leader in third-party cyber risk intelligence, has released its sixth annual Third Party Breach Report, offering an in-depth analysis of public data breaches and regulatory findings from the previous year. The report highlights a troubling trend in 2024: a proliferation of “silent breaches” within extensive supply chains. These breaches show how a vulnerability at one vendor can spread risk throughout interconnected digital ecosystems. The findings underscore how threat actors exploited systemic weaknesses, turning previously trusted vendor relationships into avenues for disruption that significantly impacted various industries, including healthcare, retail, and logistics.
Ferhat Dikbiyik, chief research and intelligence officer at Black Kite, stressed the dual-edged nature of digital interconnectedness. “While it fosters progress, it similarly amplifies risks. As organizations lean more heavily on software platforms, the exploitation of a single vulnerability can lead to catastrophic fallout. Insights from the BRITE research illustrate key lessons that can help bolster resilience and refine cybersecurity practices as organizations prepare for 2025,” he stated.
The report details various trends that have emerged regarding compromise methods. One notable revelation is that unauthorized network access accounted for over 50% of disclosed third-party breaches in 2024. Additionally, ransomware attacks persisted as a significant threat, representing 66.7% of identified attack strategies, with attackers increasingly leveraging third-party vectors to enhance their efficacy. Software vulnerabilities, particularly zero-day exploits affecting internet-facing devices and applications, remain a major concern, emphasizing the attackers’ continued exploitation of unpatched systems.
The misuse of credentials was also noted as an escalating risk factor, contributing to nearly 8% of breaches in 2024. The presence of compromised credentials in dark web marketplaces, coupled with automated methods for credential stuffing, has further exacerbated this issue. Furthermore, the report reveals that a quarter of all third-party breaches originated from software vendors, signaling a shift from traditional targets such as technical services, which constituted merely 11.5% of breaches. This shift reflects an increasing trend of exploiting software supply chains as businesses continue to digitize their operations.
Dikbiyik highlighted the evolving cyber threat landscape, stating, “As organizations increasingly rely on third-party vendors, attackers adapt their strategies to exploit these dependencies, which creates a cascading risk effect across industries.” However, there are positive signs as well. The BRITE research indicates improvements in cybersecurity postures following breaches, particularly in the healthcare sector. Notably, 62.5% of healthcare vendors that suffered a breach achieved better security ratings afterwards, a transformation likely influenced by regulatory frameworks such as HIPAA. In comparison, only 21.7% of software service vendors showed measurable improvement, possibly due to lower regulatory pressures.
Healthcare institutions were the hardest hit, accounting for 41.2% of third-party breaches documented in 2024. This vulnerability is attributed to the significant value placed on patient data, reliance on third-party services, and inherent weaknesses in the sector’s cybersecurity configurations. Other major affected sectors included Finance & Insurance and Manufacturing, at 14.9% and 14%, respectively. The report includes detailed evaluations of notable cyber incidents from 2024, such as those involving Cencora, Change Healthcare, and others, and provides recommendations for enhancing cybersecurity measures that could prevent similar disruptions in the future.
The full report is available from Black Kite, and further insights are published on the Black Kite blog.
Black Kite focuses on providing businesses with real-time cyber risk insights, allowing them to make informed decisions and strengthen resilience in a constantly evolving digital environment. Through an advanced, automated approach that integrates threat data with business intelligence, Black Kite empowers clients to transcend basic risk assessments, offering a nuanced understanding of their cyber ecosystem vulnerabilities.
The company supports over 3,000 clients across diverse industries while receiving accolades for its effectiveness in navigating the complexities of vendor risk management. To learn more about how Black Kite can assist in improving your organization’s cybersecurity stance, visit www.blackkite.com or check out their informative blog.