Cyber Breach Impact Levels Doubled in 2022, According to Black Kite Research

Cybersecurity risks are getting worse today for businesses. Despite all of the tools and steps we take to try and be proactive with risks, the threat landscape is growing and 2022 is proof that organizations still have a lot of work to do to be better protected.

According to a recent report by third-party cyber risk intelligence provider Black Kite, the number of breaches impacting third-party vendors increased significantly in 2022.

The report, ‘Third-Party Breach Report’ looked at the impact of third-party cyber breaches in 2022 and how they affected the companies involved.

There were 4.73 affected companies per vendor compared to 2.46 companies per vendor in 2021. Also, there were 63 third-party breaches analyzed at least 298 publicly disclosed victims last year alone.

This means that the magnitude of attacks continues to increase significantly--making it difficult for organizations to fight back against cyber threats as they grow more sophisticated and harder to detect.

The report found that the most common root cause of third-party attacks was unauthorized network access, which initiated 40% of third-party breaches last year. This is attributed to the rise in the remote work model after the pandemic.

Third-party breaches were also found to occur most frequently in the infrastructure services sector, where technical service vendors were targeted. This group has been included in 30% of incidents for four years in a row.

The good news is, there are ways for us to improve our cybersecurity posture and protect ourselves against these growing risks.

“Cybersecurity leaders must become as agile as the adversary, and that begins with keeping a continuous pulse on your digital ecosystem’s cyber posture,” said Bob Maley, CSO at Black Kite.

Black Kite provides third-party risk intelligence that helps to identify and manage vendors that pose the greatest risks to your organization.

“Global business ecosystems continue to get more complex, with every organization increasingly impacted by the cybersecurity posture of their partners, and their partners' partners, and so on,” said Jeffrey Wheatman, Cyber Risk Evangelist at Black Kite. “The reality is your attack surface is much bigger than the stuff you can control. But the good news is, you can assess and monitor your extended ecosystem to spot vulnerabilities, take action and avoid catastrophe.”