Cybersecurity risks from third-party vendors are causing significant problems for businesses, according to new findings from Resilience, a cyber solutions company based in San Francisco. In 2024, 31% of the claims they handled were linked to third-party risks, which include issues like ransomware attacks and outages affecting vendors.
Vishaal "V8" Hariprasad, the co-founder and CEO of Resilience, emphasized the growing seriousness of this issue. He noted that third-party risks are leading to unprecedented financial losses. Many businesses may not realize how vulnerable they are to risks associated with their partners until it’s too late. Hariprasad stressed the importance of understanding that these risks are interconnected. By recognizing shared vulnerabilities, companies can make better decisions and reduce potential losses.
For the first time, claims related to third-party risks resulted in actual incurred losses, accounting for 23% of all claims in 2024. This marks a significant shift from 2023, where no such claims were reported. Notable incidents involving companies like Change Healthcare, CDK, and PowerSchool have demonstrated how hackers exploit weaknesses in a single point of failure.
Ransomware continues to be a major threat, responsible for over 60% of Resilience’s claims this year. Additionally, transfer fraud is becoming more common, making up 18% of incurred claims in 2024.
As merger-and-acquisition activity increases, so do the entry points for cyber hackers. This trend highlights the urgent need for businesses to rethink their approach to cybersecurity, especially in relation to their partners.