As organizations strengthen their internal cybersecurity measures, vulnerabilities arising from third-party vendors and service providers remain a significant concern. Cyber breaches linked to external partners have affected numerous high-profile companies, highlighting the risks associated with third-party relationships.
According to Grand View Research, the global third-party risk management market was valued at $7.42 billion in 2023 and is projected to grow at a compound annual growth rate of 15.7% from 2024 to 2030. This anticipated growth is attributed to the increasing complexity of business ecosystems, the rise in cyber threats, and the evolving use of artificial intelligence and machine learning by cybercriminals.
Trends in Third-Party Cyber Attacks
Cybersecurity firm Corvus reported an increase in third-party breach incidents. In early 2023, 15% of claims managed by Corvus were attributed to vendor breaches, a figure that rose to approximately 29% by early 2024.
These breaches stem from a range of attack methods, including phishing, a social engineering tactic used to obtain user credentials and financial information. In business email compromise (BEC) schemes, attackers impersonate trusted sources to steal data or gain unauthorized access to company networks.
Compromised vendor accounts have been used to request fraudulent invoice payments or alter employee payroll information to redirect funds. Additionally, ransomware attacks continue to impact third-party systems. Data from Corvus Insurance’s Cyber Threat Report identified 1,257 ransomware-related attacks in Q3 2024 and 1,248 in Q2 2024, marking a persistent trend in ransomware incidents.
The 2024 Third-Party Breach Report by Black Kite found that unauthorized network access accounted for 53% of third-party breaches, a 26% increase from 2022, when ransomware was the leading cause.
Notable Third-Party Cyber Incidents in 2024
Several industries experienced third-party cyber breaches in 2024, affecting the healthcare, automotive, and cybersecurity sectors. These incidents underscore the challenges organizations face when relying on third-party service providers.
In Q1 2024, Change Healthcare, a healthcare technology company managing payments and claims processing, suffered a ransomware attack impacting 100 million individuals. The breach disrupted payment processing at hospitals, clinics, and medical practices nationwide, affecting billing and patient care services.
In Q2 2024, CDK, a software provider for automotive dealerships, experienced a ransomware attack that significantly disrupted operations. The incident affected dealer management systems, impacting automated sales management, vehicle ordering, and customer data access, leading to operational downtime for dealerships.
Strategies for Managing Third-Party Cyber Risks
Organizations can adopt several measures to mitigate risks associated with third-party cyber threats.
Contracts: Regularly reviewing vendor contracts ensures that clauses related to indemnification in case of a breach are in place. Legal oversight can help enforce agreements and manage potential liabilities arising from cyber incidents.
Cyber Insurance Policies: Businesses with cyber insurance should assess their policy coverage and understand the extent of support provided in the event of a breach. Cyber insurance can facilitate quicker financial recovery before pursuing claims against vendors.
Incident Response Plans and Backups: Organizations should evaluate their reliance on third-party software and establish contingency plans. For instance, if payroll software is compromised, having manual backup processes can mitigate disruptions. Employee training and preparedness are critical components of an effective incident response strategy.
A strategic approach to third-party risk management involves collaboration across internal departments to ensure that risks are identified and mitigated, safeguarding operational efficiency, security, compliance, and organizational reputation.