Third-Party Breaches: Why You Should be Prioritizing Supply Chain Cyber Risk Today
July 1, 2025
George Aquila
Product Marketing Manager

Look at any collection of top 10 organizational security concerns from recent years, and “third-party breaches” are consistently high on the list. These attacks have caused financial and reputational damage to every sector, from banks to healthcare systems to retail to governments. And the problem is growing.
Recent statistics highlight just how severe the issue has become:
- Last year 81% of organizations claimed to have been negatively affected by a data breach somewhere in their supply chain
- 71% of organizations are increasing the number of third-party vendors compared to three years ago
- 30% of data breaches were linked to third-party involvement, doubled from the year before
- Supply chain compromises cost 11.8% more and take 12.8% longer to identify and contain than other types of breaches
- Third-party connections are one of the top three biggest factors contributing to increased costs of data breaches
Understanding Third-Party Breaches
What are third-party breaches and how do they happen? Threat actors exploit vulnerable links in your supply chain’s security. Whether targeting external vendors, partners, or suppliers, these attacks can ripple across your organization.
Below are three common scenarios that demonstrate how supply chain cyber risks can create widespread compromise, and actionable steps organizations can take to mitigate them.
Scenario 1: Exposing Sensitive Data in Third-Party Environments
Threat actors gain access to sensitive data stored within a third party’s environment.

A company's sensitive data, such as intellectual property or customer Personally Identifiable Information (PII), is stored in a third-party environment, which may not be as secure (particularly if the vendor is smaller or less mature). If threat actors compromise that environment, they can exploit the data to launch attacks such as ransomware, phishing, or identity theft against the company's employees and customers, leading to lost business, tarnished reputation, fines, and lawsuits, as well as compromising critical data in sectors like manufacturing, technology, or national defense. The primary organization may not even fully grasp the extent of the breach or the specific compromised data, potentially taking months or years to understand the full impact.
Real-World Example: UBS (2025)
To help prevent this kind of breach, security teams should utilize proactive, continuous and human-supervised monitoring of third parties that have been trusted with organizations’ sensitive data. These kinds of breaches prove that separate networks do not mean safety, and that the profile of a vendor doesn’t necessarily mean it poses less of a risk. Procurement and support vendors can still be high-risk links in the data chain.
Scenario 2: Threat Actors Pivot Off a Foothold Within a Third Party to Gain Access to the Primary Organization's Network

As organizations integrate more vendors and partners into their operations, they create complex overlaps of networks, which can blur IT boundaries, especially in sectors like finance undergoing mergers and acquisitions. Attackers exploit these connections, using third parties as pathways to breach primary organizations' networks, often due to inadequate network segmentation or poor IT hygiene. Whether through direct network connections or by exploiting trusted relationships, attackers can infiltrate primary organizations' systems, potentially executing phishing attacks and escalating privileges for deeper access.
Real-World Example: Marks & Spencer (2025)
These types of compromise show that vendors’ access to primary networks creates extreme compounded risk. To prevent these kinds of breaches, organizations should implement zero-trust networking and strong network segmentation to manage risk and control. Organizations should also actively monitor third-party IT environments as if they were their own. Continuous monitoring of third-party perimeters helps track exposures and risky behaviors, including misconfigurations or unpatched vulnerabilities, so that when any part of a network is shared the third parties can be better defended.
Scenario 3: Compromising the Design or Distribution of a Third Party's Product to Infiltrate an Organization

The third scenario involves a breach akin to a "Trojan Horse," where sophisticated attackers infiltrate a technology vendor to alter software, firmware, or configurations, which are then distributed to customers. Though rare, this type of breach can cause significant damage not only to the primary organization but also to all users of the affected products. The inherent trust organizations place in product updates from vendors makes them highly vulnerable, as tainted code can distribute malware across systems, enabling data theft or creating back doors for full attacker access.
Real-World Example: MOVEit (2023)
Preventing breaches and rapidly mitigating vulnerabilities in vendors is crucial, especially when zero-day vulnerabilities are announced and affected areas must be identified and patched immediately to prevent attacks. Organizations should be able to monitor third-party attack surfaces, quickly identifying and patching vulnerabilities in collaboration with their supply chains to protect against breaches. The MOVEit case demonstrated this: reliance on third-party protection proved insufficient.
It's important to remember a few key factors associated with these incidents:
- Misconfigurations are responsible for a significant portion of third-party breaches
- Third-party breaches have ripple effects down a supply chain, which can disrupt entire industries
- A robust third-party risk management (TPRM) program can measurably reduce the likelihood of a third-party breach and should be able to actively monitor for diverse risk types
Organizations can no longer ignore the risk that third parties pose for their cybersecurity posture, and must recognize that third-party breaches, whether through direct attacks, exploitation of trusted relationships, or compromised vendor software, are prevalent and pose serious threats to their business processes and financial stability.
Today’s third-party security breaches are diverse, costly, and hard to detect, but they’re also preventable with proactive monitoring. It is essential for organizations to implement robust monitoring and security practices to safeguard against potential vulnerabilities and minimize the risk of significant financial losses.