47 Third Party Data Breach Statistics: The Numbers You Need to Know

As third-party data breaches become more common, it’s essential for businesses to be aware of the risks associated with third-party vendors. A third-party vendor is any company that your business interacts with but is not under your direct control. These companies pose a significant risk to your data security, and you need to take steps to protect yourself from them. In this article, we will discuss third party data breach statistics and why you should be aware of them. 

Some Recent Interesting Data Breaches 

• The data breach that has recently turned heads is the theft of the personal information of 400 million Twitter users by exploiting an API vulnerability. The vulnerability had probably taken root in June ‘21 and was remediated in January ‘22. Apparently, a lot of damage was done within that span and now, Twitter might face some serious repercussions.
• On March 20, 2022, a hacker group made a telegram post indicating that they had hacked Microsoft and compromised Cortana and Bing among other services. Microsoft blocked the attack by March 22, 2022. The data of only one customer was stolen.
• Redcross was not so swift to repel the attack during which the personal information of 500,000 people who received services from Redcross was stolen.
• These are just a few of the hundreds of cyber encroachments and breaches that take place every year, in fact, a lot of them go unnoticed or unreported. For instance, News Corp had a data breach in 2020 which was discovered in 2022.

Awareness, precaution, and swiftness of response can become the difference between a close call and complete devastation.

What is Third-Party Security Risk?

External sources within an organization’s ecosystem or supply chain that have access to sensitive company or customer data pose a third-party risk. This covers suppliers, service providers, vendors, contractors, and partners.

Although a company might have an excellent cybersecurity system and plan, its vendors might not follow the same protocol. Consequently, this relationship could provide more opportunities for potential attacks despite having a strong security system.

Why Should You Care About Third Party Data Breach Statistics?

With more and more organizations outsourcing portions of their daily operations, we need to be constantly aware of third-party risk. This is especially important in light of the increasing number of security breaches that originate from vulnerabilities in relationships with third parties.

If a data breach were to occur, nearly one-third of all vendor relationships would be considered high risk. 80% of surveyed organizations last year experiences at least one data breach caused by a third party.

It is the responsibility of your organization’s board of directors and senior management to manage all relationships, both internally and with entities external to the company. Risks associated with these outsiders should be treated identically as if they were originating from within the company.

Although partnering with third-party vendors entails certain risks, some organizations neglect to manage these dangers as effectively as possible. 

If these risks are not managed, regulatory agencies may take financial action against the company, customers might file lawsuits, and the organization’s reputation could be harmed making it difficult to obtain new business or keep existing clients.

Third Party Data Breach Statistics in Different Verticals

The healthcare industry is among the hardest-hit sectors when it comes to third-party data breaches.

1. In 2021, the healthcare industry was subject to 33% of all attacks that were caused by third parties.
2. Private patient information and sensitive healthcare data are appealing targets for attackers, which is why 1.5 billion people had their personal info leaked in 2021 from third-party breaches.
3.  A majority of healthcare organizations do not think that their IT systems prioritize third-party security and access, and 50% of companies from all industries said that managing third-party security is too overwhelming and stressful.
4. The first death caused by the ransomware was reported in September 2020, when an attack on a hospital’s IT systems in Düsseldorf, Germany led to failure. (Associated Press, 2020).
5. Fortified Health Security’s mid-year report stated that the healthcare sector suffered nearly 337 breaches in the first half of 2022 alone. 

Financial institutes are also regular targets for hackers. 2018-22 has been an especially testing period. In those four years

5. Private banks in India have reported 205 data breaches and state-owned banks reported 41 breaches.
6. The breaches have incurred a loss of Rs 1,435 Cr between April 2020 and March 2022.

Educational institutes often make soft targets for hackers owing to a general lack of cyber defense. According to a report

7. 41% of primary schools, 70% of secondary schools, and 92% of higher education colleges in the UK reported data breaches in 2022.
8. In the first half of 2022 the USA had 18 cyber attacks on schools.  

Third Party Data Breach Statistics

9.  27% of all third-party attacks in 2021 were ransomware, making it the most common attack method.
10. Third-party breaches are most common among software publishers, who account for 23% of incidents. This is the third year in a row that software publishers have been the most common source of third-party breaches. 
11. The average time frame from when an attack occurred to when it was disclosed publicly was 75 days. In 2022, it took an average of 277 days—about 9 months—to identify and contain a breach. 44 % of overall companies took longer than the standard to reveal the incident. 
12. Of all security breaches, 15% are due to someone outside the company getting into the network. They exploit weak passwords and vulnerabilities in the system that controls access.
13. Companies that do not want to disclose the details of an attack will often cite unauthorized network access as the source. 
14. External-facing assets such as servers and databases pose a significant risk to businesses, accounting for 12% of data breaches. Unsecured external-facing assets are one of the top three root causes of data breaches and can pose a serious threat to businesses.
15. Software vendors who allow third-party access to their systems are at the highest risk of being breached, as they have been for the last three years.
16. The Accellion FTA hack was the most damaging data breach of 2021, causing problems for 31 businesses and impacting over 5.6 million users according to information from Accellion and its clients. 
17. 54% of businesses do not vet third-party vendors properly.
18. According to a study, 48% of organizations deem third-party relationship complexity as their main problem.
19. To make matters worse, many organizations have to take already over-burdened internal resources and use them to monitor third parties. According to the survey, only 36% of companies have automated this process. Automation tools are insufficient, which is probably why 47% of respondents said they’re not adept at spotting potential threats from third-party sources.

General Cyber Attack Statistics

20. Cyberattacks pose a greater threat to F-35 jets than missiles. 
21. More than 75% of all cyberattacks targeting a specific entity begin with an email.
22. The FBI received 15,421 reports of tech support fraud in 2020 from victims located in 60 countries.
23. If global cybercrime rates continue as they are, costs will increase by 15% every year for the next five years. This number would eventually swell to $10.5 trillion by the year 2025.
24. In the past year, over one-third of consumers have experienced some form of cybercrime.
25. Internet crime is on the rise, with the FBI receiving more than 2,000 complaints per day in 2020.
26. From 2020 to 2025, it is estimated that the healthcare industry will spend $125 billion on cybersecurity.
27. From the start of 2020 to the middle of 2021, ransomware cybercrime increased by 102%. 
28. A little more than 53% of all adults concede that working from home has made it much simpler for hackers and cybercriminals to trick people.
29. In April 2021, hackers took advantage of the U.S. Colonial Pipeline through a VPN that was lacking multi-factor authentication. In order to get access back, they had to pay a $5 million Bitcoin ransom. 
30. In February 2021, a hacker broke into the water filtration system in Oldsmar, Florida, and tried (but did not succeed) to contaminate the water. 
31. In June 2021, a Russian ransomware attack on JBS- the world’s largest meatpacking company- impacted nearly 10,000 workers and caused inflation in prices for meat.
32.  Most COVID-19-related threats were spammy emails, comprising 65.7% of the total. 
33. Since the start of the COVID-19 pandemic, 44% of adults have felt more vulnerable to cybercrime. 
34. Over the past year, scammers have defrauded 1 in 5 consumers. 4% of victims clicked on a fake COVID-19 contact tracing link, while 4% paid to get carbon tax relief money. 3% of people were duped into paying for an illegitimate COVID-19 vaccine. 
35. Protecting one’s online activities and personal information has become increasingly important to adults, with 39% of them taking security measures.
36. Since the pandemic hit, the number of cyberattacks has increased by 300% according to FBI reports. 
37. Since the pandemic started, there has been a 238% increase in cyberattacks against banks. 
38. Since the start of the pandemic, 25% of all employees have seen more fraudulent emails in their work inboxes.
39. More adults are worried about becoming victims of cybercrime than ever before, with 58% saying they’re more concerned now. 
40. 13% of internet users use a VPN to protect their data while online. 
41. Nearly 2 in 3 adults claim they are spending more time online than in the past, with an equal amount saying they have started taking more cybercrime safety measures.
42. Internet users in both India and the United States are generally more cautious when it comes to sharing personal information online. 
43. Japanese users have the most difficult time differentiating credible from non-credible sources. They also worry about cybercrime more than other nationalities.
44. 62% of all adults find it difficult to know if the news they read online is trustworthy. 
45. More than 53% of all adults are unaware of how to protect themselves from online crime.
46. In a recent survey, 63% of consumers said that they are very worried about their identity being stolen.
47. Almost 38% of people don’t realize that their identity can be stolen.

Parting Thoughts

There are so many third-party products and services used nowadays that it’s tough to keep track of them all. Following their security practices and compliance status is even harder. But business owners and CISOs must realize that a risk for a third-party vendor is as much a risk for their own company. A hacked third-party tool can easily bring disaster to your company.

Regular vulnerability scans and penetration tests can be greatly beneficial in terms of detecting and mitigating third-party risks. Astra’s Pentest Suite is the perfect tool for this purpose. You can detect vulnerabilities, collaborate with security experts to fix them, and build a secure business with Astra’s help. Talk to us to learn more.