30% of data breaches that occurred last year involved a third party, new research shows. According to the Verizon 2025 Data Breach Investigations Report, during the year ended October 31, 2024, there were 15% more third-party data breaches than the previous year (15%).
Third parties include suppliers, vendors, hosting partners, and IT support providers. These are a mainstay in most businesses, and as the study demonstrates, a growing source of concern from a cybersecurity standpoint.
The report sheds light on the evolving nature of attack vectors, as hackers deploy increasingly sophisticated methods to seize confidential information. With breaches on the rise in general, and businesses failing in their duties to prevent them, the cybersecurity landscape is in a perilous position.
Data Breaches Involving Third Parties On the Rise, New Data Shows
New research from Verizon points to a startling growth in data breaches involving third parties. According to the Verizon 2025 Data Breach Investigations Report, during the year ended October 31, 2024, they comprised 30% of all data breaches – up from just 15% the previous year.
The report lists suppliers, vendors, hosting partners, and external providers of IT support as examples of third parties that custody confidential data. Most businesses outsource operations to one or more of these parties – and alarmingly, they are increasingly subject to cyberattacks.
This just in! View
the top business tech deals for 2025 👨💻
Said a representative from Verizon:
“While, to some extent, software vendors have long played a part in unintentionally increasing the attack surface for those who use their products and services, over the last two to three years, it has moved from the occasional (and typically minor to moderate) mishap to a much more widespread and insidious problem that can (and sometimes does) have a devastating impact on enterprises.”
Other Findings Shed Light on Evolving Threat Landscape
Other key takeaways from the report include a 34% increase in attackers exploiting vulnerabilities to gain “initial access” to businesses’ IT systems and cause security breaches, as well as a massive increase in the frequency of ransomware attacks year-on-year.
While ransomware was present in 32% of data breaches in 2023, it now makes up almost half of data breaches (44%), according to the Verizon research. The report illuminates the evolving nature of attack vectors, with cybercriminals not afraid to change both their methods and targets to keep corporations guessing.
In an effort to combat the spiraling problem with third-party custodians, businesses are reportedly adopting “stricter supply chain risk management practices.” Verizon encourages businesses to vet their potential partners: “When you are working with a third party, you have to consider their security limitations as well as your own.”
Modern Businesses Under Cybersecurity Siege
Ultimately, the Verizon report paints a pretty grim picture of the current threat landscape. Not only are attacks increasing in frequency, but they’re becoming more expensive to remedy, with the annual cost of cybercrime projected to exceed $23 trillion in 2027. For many companies, the effects are disastrous.
Compounding this issue is the fact that, largely, businesses are woefully underprepared. According to research published by Tech.co earlier this year, a shocking 98% of senior leaders are unable to identify all the signs of a phishing attack, indicating that this problem is felt right across the business. Clearly, more needs to be done to upskill employees everywhere.
One potential solution for businesses could be AI. While the technology is still in its relatively infancy, there’s no doubting that it can be used to aid businesses in their fight against cybercrime. It will be interesting to see how the corporate world embraces this use case over the coming months. One thing is certain – the current situation is not sustainable.
