Data Breach Incidents Involving Third-Parties Has Doubled

Verizon reports that in 2024, third-party service exploitation was responsible for 30% of data breaches, double the amount from 2023.

Additionally, Verizon’s 2025 Data Breach Investigations Report also found that vulnerability exploitation increased 34%, making up for 20% of the data breaches.

These findings were taken from a large data set of over 22,000 security incidents and more than 12,000 confirmed data breaches.

• Proliferation of specialized SaaS providers.
• Attacks on third-party software doubled.
• Ransomware increased by 37%, making up for 44% of data breaches.
• Strong emphasis on zero-day exploits against perimeter devices and VPNs.
• Supply chain attacks can lead to severe consequences.
• Business interruption incidents increased.
• Humans are responsible for a significant portion of data breaches, due to social engineering and credential abuse attacks.

According to the report, businesses outsourcing critical operations to third parties are increasing. While this enhances scalability and efficiency, it also provides cybercriminals with a larger attack surface, increasing the chances of falling victim to a cyberattack.

Additionally, Verizon’s report also emphasizes that high-profile data breach incidents involving supply chain attacks can be as nefarious, or even more so, than traditional breaches due to downtime and severe business continuity disturbances.

Considering our increasing dependence on the internet, 2025 may well be the worst year so far for cybercrime. The lack of cybersecurity awareness, combined with the broad adoption of third-party services for essential business operations, makes for an explosive cocktail. It’s fundamental for businesses to have a clear understanding of the biggest cybersecurity threats to look out for and to adopt the best supply chain security measures.

Unfortunately, smaller businesses are especially vulnerable to cyberattacks. This is primarily due to budget restrictions and a lack of cybersecurity awareness, emphasizing the importance cybersecurity essentials.

No business is the same, which means protecting against data breaches may require different approaches. While different services can help, such as antivirus and internet security suites, we recommend implementing a VPN, password manager, and online data backup software tailored to businesses.