Technology sector sees a marked decline in third-party breach rates
There’s real progress in the technology sector’s approach to cybersecurity, and the 2025 Global Third-Party Breach Report from SecurityScorecard documents it. Breaches attributed to technology products and services fell from 75% previously to 46.75% now. (This figure describes technology products and services as the vector in third-party breaches; the technology sector’s own third-party breach rate is a separate measure, discussed later in this article.) That is a notable drop, and it shows that concerted work across procurement, security infrastructure, and vendor oversight is producing results: tech companies are adapting quickly, and their defenses are becoming harder to penetrate.
This is evidence that security fundamentals (constant visibility, proactive threat detection, and risk-based vendor assessments) work, and other industries should take note. But don’t over-read the numbers: tech hasn’t become invulnerable. The decline means attackers are shifting focus, not quitting. They still pursue entry points, but they spend less effort on the hardened traditional perimeter and more on going around it, through vendors, integrations, and other less-defended paths. The attack surface is diversifying, not shrinking.
Looking ahead, leaders should treat this less as a sign to relax and more as validation to double down on what’s working. This reduction doesn’t mean risk is gone. It has simply changed shape. Boards and executive teams should continue investing in real-time monitoring, better governance for third-party vendors, and tighter procurement reviews. Awareness across the chain is what keeps the pressure on would-be attackers.
Third-party access emerges as a preferred attack vector
One thing is increasingly clear: attackers aren’t wasting time on the front door. They target third-party vendors because it lets them scale quickly and quietly. The 2025 Global Third-Party Breach Report makes the trend impossible to ignore: 41.4% of ransomware attacks now involve third-party access. That is more than two in five. These are not isolated cases; this is systemic.
Third-party access gives threat actors reach and efficiency. A single vendor foothold can open the door to every environment that vendor connects to, so one compromise becomes a launchpad into many. That is exactly why state-sponsored groups and ransomware operators prioritize third-party entry. Ryan Sherstobitoff, SVP at SecurityScorecard’s STRIKE Threat Research and Intelligence division, puts it bluntly: “Threat actors are prioritizing third-party access for its scalability.” If your teams review vendor risk only once a year, you are falling behind the velocity of these threats.
Periodic reviews won’t cut it anymore, not when adversaries are scanning for live opportunities in real time. Security leaders need to replace scheduled audits with continuous monitoring. The shift from checklist-driven due diligence to dynamic oversight is what separates companies that detect breaches early from those that find out too late.
Executives should work closely with their CIOs and CISOs to make sure vendor access is monitored continuously: which vendor identities are active, from where, against which systems, and whether that access matches what the contract allows, with real-time alerts and automated response (for example, session termination or credential revocation) when it does not. It’s about catching issues before damage compounds across the supply chain.
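The following is an added example, not code from SecurityScorecard or the report, of what "continuous monitoring of vendor access" looks like in practice: each access-gateway event is checked against a per-vendor policy (approved source networks, approved target systems, an access window, and whether MFA is mandatory), and every deviation becomes an alert. The vendor names, hostnames, IP ranges (documentation ranges only), log format and policy values are all constructed for illustration.

```python
"""Continuous vendor-access monitoring: evaluate third-party access events
against a per-vendor access policy and emit alerts.

Added example for this article; not code from SecurityScorecard or the report.
Vendor names, CIDRs, hostnames and the log format are constructed."""
import ipaddress
import json
from datetime import datetime, timezone

# Constructed per-vendor policy: what each vendor is contractually allowed
# to reach, from where, during which hours, and whether MFA is mandatory.
VENDOR_POLICY = {
    "acme-hvac": {
        "allowed_sources": ["203.0.113.0/24"],   # TEST-NET-3 documentation range
        "allowed_targets": {"bms-gateway-01"},
        "window_utc": (8, 18),                    # 08:00-18:00 UTC only
        "mfa_required": True,
    },
    "payroll-saas": {
        "allowed_sources": ["198.51.100.0/24"],  # TEST-NET-2 documentation range
        "allowed_targets": {"hr-db-replica", "sftp-hr"},
        "window_utc": (0, 24),                    # 24x7 integration account
        "mfa_required": True,
    },
}

# Constructed access-gateway log: one JSON object per line.
SAMPLE_LOG = """\
{"ts":"2025-03-04T09:15:00Z","vendor":"acme-hvac","user":"svc-acme","src":"203.0.113.44","target":"bms-gateway-01","mfa":true,"result":"success"}
{"ts":"2025-03-04T02:40:00Z","vendor":"acme-hvac","user":"svc-acme","src":"203.0.113.44","target":"bms-gateway-01","mfa":true,"result":"success"}
{"ts":"2025-03-04T10:02:00Z","vendor":"acme-hvac","user":"svc-acme","src":"203.0.113.44","target":"fileshare-finance","mfa":true,"result":"success"}
{"ts":"2025-03-04T11:30:00Z","vendor":"payroll-saas","user":"svc-payroll","src":"192.0.2.9","target":"hr-db-replica","mfa":false,"result":"success"}
{"ts":"2025-03-04T11:31:00Z","vendor":"unknown-corp","user":"contractor7","src":"192.0.2.10","target":"sftp-hr","result":"success"}
"""


def parse_events(text):
    """Parse newline-delimited JSON log lines into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def evaluate_event(ev, policy=VENDOR_POLICY):
    """Return a list of (rule, detail) findings for one access event."""
    findings = []
    vendor = ev.get("vendor")
    rules = policy.get(vendor)
    if rules is None:
        # An identity outside the vendor register is itself the finding;
        # there is no policy to check the rest of the event against.
        return [("unregistered_vendor", f"no policy for vendor {vendor!r}")]

    src = ipaddress.ip_address(ev["src"])
    if not any(src in ipaddress.ip_network(net) for net in rules["allowed_sources"]):
        findings.append(("source_not_allowlisted", f"{src} not in {rules['allowed_sources']}"))

    if ev.get("target") not in rules["allowed_targets"]:
        findings.append(("target_out_of_scope", f"{ev.get('target')} not in vendor scope"))

    # Compare the event hour (UTC) with the contractual access window.
    hour = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00")).astimezone(timezone.utc).hour
    start, end = rules["window_utc"]
    if not (start <= hour < end):
        findings.append(("outside_window", f"{hour:02d}:00 UTC outside {start:02d}-{end:02d}"))

    if rules["mfa_required"] and not ev.get("mfa", False):
        findings.append(("mfa_missing", "policy requires MFA, event shows none"))

    return findings


def alerts_for_log(text, policy=VENDOR_POLICY):
    """Evaluate every event in a log; return alerts as (ts, vendor, rule, detail) tuples."""
    out = []
    for ev in parse_events(text):
        for rule, detail in evaluate_event(ev, policy):
            out.append((ev["ts"], ev.get("vendor"), rule, detail))
    return out


if __name__ == "__main__":
    for ts, vendor, rule, detail in alerts_for_log(SAMPLE_LOG):
        print(f"{ts} {str(vendor):<14} {rule:<24} {detail}")
```

Run against the constructed log, the first event passes cleanly and the remaining four each trip at least one rule (after-hours access, a target outside the vendor's scope, an unapproved source network combined with a missing second factor, and an identity with no vendor record at all). In a real deployment the policy would be generated from the contract and onboarding records rather than hand-written, and each alert would feed the automated response the paragraph describes.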
Retail and hospitality sectors face the highest breach rates
While the technology sector is improving its security posture, retail and hospitality are now under heavier fire. According to SecurityScorecard’s 2025 Global Third-Party Breach Report, retail and hospitality report the highest third-party breach rate at 52.4% (the rate is the share of a sector’s recorded breaches that involved a third party; the report covers both third-party and non-third-party incidents). That is higher than both the technology sector (47.3%) and energy/utilities (46.7%). These industries, rich in consumer data and often reliant on a wide range of external vendors, are attractive targets for threat actors who see uneven security maturity across supply chains.
What’s happening here is a matter of weak points being exposed. Many organizations in these sectors deal with fragmented infrastructures, outdated tools, and limited real-time vendor oversight. That creates an environment where third-party security gaps are easier to exploit. More digital touchpoints mean more potential entry points if oversight and defense protocols aren’t strong at every layer.
It’s also worth separating volume from rate. Healthcare reported the most breaches overall, 78, but a third-party breach rate of only 32.2%. Read correctly, that means healthcare suffers many breaches, but a smaller share of them arrive through vendors; it says nothing about how well healthcare contains the damage. Retail and hospitality, by contrast, record fewer breaches in the dataset, but a larger share of those breaches come through third parties, which points to the vendor ecosystem rather than the organization’s own perimeter as the weak link.
This should serve as a clear signal to executives in retail, hospitality, and similarly exposed sectors: it’s time to upgrade. Your front-end systems might look cutting-edge, but your back-end procurement standards and vendor oversight tools need to match that level of sophistication. Prioritize visibility into third-party behaviors and enforce stronger contractual requirements around cybersecurity practices.
Geographic disparities highlight regional vulnerabilities
Third-party breach exposure isn’t evenly distributed; location plays a serious role. The 2025 Global Third-Party Breach Report shows that countries differ significantly in third-party breach rates, often in line with how well their regulatory, infrastructure, and cybersecurity ecosystems are developed and enforced. Singapore leads with a 71.4% rate, followed closely by the Netherlands at 70.4% and Japan at 60%. The United States shows a comparatively low rate of 30.9%, 4.6 percentage points below the global average.
Two readings follow. First, threat actors are working heavily through regions with high digital density and complex supply chains: more partners, more integrations, and a greater surface area to defend. Second, the lower U.S. figure is consistent with detection, prevention, and regulatory standards that are more closely aligned with best practice, although the data shows a correlation, not a cause. One caveat: a single country’s slice of a 1,000-breach dataset can be small, so country-level rates are indicative rather than precise and should be read alongside breach counts.
Executives operating across international markets should treat these regional variations as more than just statistics, they’re operational risk indicators. Cybersecurity is global, but infrastructure, compliance requirements, and vendor maturity aren’t uniform. Security policy needs local adaptation. What works in the U.S. may not work in Southeast Asia or the EU without adjustments.
To stay ahead, companies need region-specific breach readiness, translated policies, localized threat intel, dedicated resources in high-risk zones, and procurement teams that understand geography-specific risks. Failure to adapt to regional differences forces companies into reactive mode when regulatory scrutiny, or breach impact, strikes.
Coordinated security practices and robust vendor oversight are essential
When it comes to managing third-party risk, fragmented efforts aren’t enough. The 2025 Global Third-Party Breach Report reinforces the need for a unified, strategic approach that extends beyond basic due diligence. Security leaders must tailor their risk management frameworks to the specific profile of their industry, because sectors don’t face equal threats, and neither do their vendors.
Geography, organizational structure, and the technologies in use all influence risk exposure. A single policy won’t address it all. What’s needed is an approach that integrates these variables into procurement, legal contract terms, and ongoing vendor oversight. That means setting requirements upfront and holding vendors fully accountable, not just during onboarding but over the entire lifecycle of the relationship.
The report also highlights the importance of managing fourth-party risk, that’s exposure coming from your vendors’ vendors. Many breaches don’t occur directly, but through less visible links in the chain. To reduce that surface, contracts should require vendors to maintain formal and validated third-party risk mitigation programs. Without that pressure applied upstream, your own protections are incomplete.
For the C-suite, this means rethinking how procurement collaborates with security teams. Vendor selection should no longer be based purely on cost, scalability, or convenience. It must also factor in cyber maturity and the ability to meet formal, enforceable standards. Organizations that fail to build this into operational practice risk inheriting weak links they can’t control or audit.
Security leadership also needs to report on vendor performance metrics with the same rigor as internal systems. If your third-party engagements operate in silos, you’re giving up too much control. Coordinated, measurable, and proactive oversight is no longer optional, it’s foundational.
Secure-by-design technologies and enhanced procurement standards are vital
Adopting secure-by-design technologies is a requirement. The 2025 Global Third-Party Breach Report confirms that organizations relying on systems with built-in security features are better positioned to manage growing external risk. These technologies reduce dependency on after-the-fact patching or reactive controls. Design matters. If the product or service enters your environment with inherent vulnerabilities, downstream fixes won’t solve the problem at the source.
SecurityScorecard also supports the broader adoption of secure-by-design initiatives, pointing to programs like those led by the Cybersecurity and Infrastructure Security Agency (CISA). These initiatives push for higher design standards, including secure defaults, hardened configurations, and transparency around risk exposure. The message is clear: future procurement strategies must move beyond functionality and focus heavily on security posture as a selection criterion.
This shift requires a change in how executive teams view IT procurement—not as a cost-optimization function, but as a long-term risk investment. Technology selection becomes more strategic when cybersecurity metrics are weighted equally alongside operational performance or deployment speed.
C-suite leaders should ensure procurement policies require explicit validation that new tools or platforms align with security-friendly architecture. Contracts need to include clear clauses around acceptable risk thresholds, mandated security features, and ongoing maintenance obligations. Supporting vendors who commit to these standards reduces exposure, and improves resilience across the board.
Strengthening critical infrastructure through improved security measures
File transfer tools and cloud services continue to be preferred targets for attackers. These systems often act as key communication and integration points between internal networks, vendors, and customer-facing platforms. When exploited, the disruption is immediate and widespread. The 2025 Global Third-Party Breach Report reinforces the need to prioritize these high-impact environments with direct, continuous security measures.
These systems cannot rely on default settings or infrequent audits. The baseline must be proactive protection: hardened configurations, multi-factor authentication (MFA) on every administrative and vendor login, and ongoing real-time monitoring. MFA alone sharply reduces the damage from stolen or phished credentials; it does nothing for misconfigured permissions, which need least-privilege review and periodic access recertification of their own.
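As an added example (not from the report, and not a SecurityScorecard tool), here is what a "hardened configuration" check for a vendor-facing SFTP host can look like: a weak OpenSSH sshd_config is shown beside a hardened one, and a small auditor parses either and lists baseline violations. The OpenSSH directive names are real; the baseline itself (key plus keyboard-interactive second factor, no root or password logins, vendors chrooted into an SFTP-only jail with forwarding disabled), the group name `vendors` and the jail path are this example's own choices, and both configuration texts are constructed.

```python
"""Audit an OpenSSH sshd_config used as a vendor SFTP drop against a hardened
baseline. Added example for this article; not code from the report.
OpenSSH directive names are real; baseline values, group and paths are assumed."""

# Constructed "before": the weak settings often found on a default-ish host.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
Subsystem sftp /usr/lib/openssh/sftp-server
"""

# Constructed hardened counterpart: public key AND keyboard-interactive (PAM
# second factor), no root, no passwords, vendors chrooted to SFTP-only.
HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
KbdInteractiveAuthentication yes
AuthenticationMethods publickey,keyboard-interactive
LogLevel VERBOSE
Subsystem sftp internal-sftp
Match Group vendors
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
"""


def parse_sshd_config(text):
    """Return (global_directives, match_blocks). Directive names are
    case-insensitive in sshd, so keys are lower-cased; Match blocks are kept
    separately so their scope is not lost."""
    globals_, matches, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        key, _, value = line.partition(" ")
        key, value = key.lower(), value.strip()
        if key == "match":
            current = {"criteria": value, "directives": {}}
            matches.append(current)
        elif current is not None:
            current["directives"][key] = value
        else:
            globals_[key] = value
    return globals_, matches


def audit_sftp_baseline(text):
    """Return the list of baseline violations found in an sshd_config text.
    Defaults used when a directive is absent follow current OpenSSH defaults."""
    g, matches = parse_sshd_config(text)
    findings = []
    if g.get("permitrootlogin", "prohibit-password") != "no":
        findings.append("PermitRootLogin should be 'no'")
    if g.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication should be 'no'")
    methods = g.get("authenticationmethods", "")
    if "publickey" not in methods or "keyboard-interactive" not in methods:
        findings.append("AuthenticationMethods should require publickey AND keyboard-interactive")
    if not g.get("subsystem", "").startswith("sftp internal-sftp"):
        findings.append("Subsystem sftp should use internal-sftp so ChrootDirectory/ForceCommand apply")
    vendor_block = next((m for m in matches if "vendors" in m["criteria"]), None)
    if vendor_block is None:
        findings.append("no Match block scoping vendor accounts")
    else:
        d = vendor_block["directives"]
        if not d.get("chrootdirectory"):
            findings.append("vendor Match block lacks ChrootDirectory")
        if d.get("forcecommand") != "internal-sftp":
            findings.append("vendor Match block should ForceCommand internal-sftp")
        if d.get("allowtcpforwarding", "yes") != "no":
            findings.append("vendor Match block should set AllowTcpForwarding no")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit_sftp_baseline(cfg) or ['OK']}")
```

The weak configuration fails on every baseline item (root login, password login, no enforced second factor, an external sftp-server binary that cannot be chrooted, and no vendor scope at all), while the hardened one passes. A check like this belongs in the same continuous pipeline as the access monitoring, so that configuration drift on a file transfer host is caught as quickly as an anomalous login.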
Organizations that use scalable cloud environments or rely on large volumes of data movement across platforms must also implement frequent security assessments. Schedule-based penetration testing and compliance audits are no longer responsive enough. SecurityScorecard makes it clear: threats to these systems are both persistent and targeted, and executives need to allocate resources to match that pace.
For top-level leaders, this is about visibility and control at operational speed. High-risk infrastructure should be reviewed alongside core business KPIs. If your file transfer system or cloud platform is compromised, everything from compliance to customer trust is at stake.
Executives should make sure security teams are deploying strong controls and continuously verifying their effectiveness. With attackers specifically targeting these endpoints across global sectors, the ability to detect and contain breaches early depends on how well these systems are being fortified and observed.
Comprehensive analysis driven by diverse data sources
Effective decision-making depends on accurate, relevant, and wide-ranging data. The 2025 Global Third-Party Breach Report stands out because its findings are built on a layered dataset. SecurityScorecard combines open-source intelligence, formal security research, and government disclosures to produce a more complete view of the current breach landscape. This gives executives a higher-confidence baseline for assessing where risks are emerging and how best to respond.
Unlike reports that rely on isolated incidents or voluntary disclosures, this analysis covers 1,000 breaches across industries and regions. It includes both third-party and non-third-party incidents, offering context that highlights patterns rather than one-off failures. That broader inclusion matters. It sharpens visibility into how security posture, business model, geography, and vendor ecosystem shape actual exposure.
For business leaders, there’s value in relying on this kind of insight over smaller-sample surveys or anecdotal assessments. The granularity of this report enables better prioritization and resource allocation, key steps as security budgets rise but expectations grow even faster. It also enables more informed conversations between CIOs, CISOs, and board members by providing clear benchmarks rooted in diverse data.
Actionable insights require comprehensive inputs. Leaders should prioritize intelligence sources that bring in multiple perspectives and break down patterns across industry, geography, and infrastructure. Anything less invites blind spots. With threat actors adapting quickly, real-time, multi-source intelligence is an essential input into executive strategy, not just IT operations.
Recap
Threats are evolving. Attackers are faster and more strategic, and they are bypassing direct targets in favor of more scalable access through vendors and shared digital infrastructure. The 2025 data makes that clear. But it also shows that disciplined execution works: the drop in breaches attributed to technology products and services is evidence that real-time monitoring, secure-by-design systems, and layered vendor oversight produce results.
Executives don’t need to master every technical detail, but they do need to lead with precision. That means investing in risk visibility across supply chains, holding vendors to stronger standards, and driving procurement policies that favor resilience over short-term speed. It also means staying agile, because what’s secure today may not be tomorrow.
The market is shifting, but the fundamentals aren’t. Breaches happen where visibility is low, oversight is weak, and accountability is unclear. Fix those gaps, and the odds move in your favor.