Covering adversary activity in 2023, the report is the first to use SecurityScorecard’s new BreachDetails threat intelligence solution. With BreachDetails, SecurityScorecard increased the level of breach data coverage by 50% compared to other breach notice providers by using AI to analyze news articles, ransomware notifications, and international sources.
Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence, said:
“The supplier ecosystem is a highly desirable target for ransomware groups. Third-party breach victims are often not aware of an incident until they receive a ransomware note, allowing time for attackers to infiltrate hundreds of companies without being detected.”
Third-party cyber risk is a business risk
As cited by the new SEC cybersecurity incident disclosure requirements, SecurityScorecard discovered that 98% of organizations have a relationship with a third party that has been breached. According to Gartner® Research, “The cost of a third-party cyber breach is typically 40% higher than the cost to remediate an internal cybersecurity breach.”2 With the average cost of a data breach reaching $4.45 million in 2023, organizations must proactively operationalize supply chain cyber risk management to mitigate business risk.
Dr. Aleksandr Yampolskiy, CEO and Co-Founder, SecurityScorecard, stated:
“In the digital age, trust is synonymous with cybersecurity. Companies must improve resilience by implementing continuous, metrics-driven, business-aligned cyber risk management across their digital and third-party ecosystems.”
About STRIKE
The STRIKE threat intelligence team combines unique threat intelligence, incident response experience, and supply chain cyber risk expertise. Backed by SecurityScorecard technology, STRIKE is a strategic advisor to CISOs worldwide. STRIKE threat research empowers organizations to understand supply chain cyber risk and adversary attribution.
About SecurityScorecard
Funded by world-class investors, including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings, response, and resilience, with more than 12 million companies continuously rated.
Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented security ratings technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.
SecurityScorecard makes the world safer by transforming how companies understand, improve, and communicate cybersecurity risk to their boards, employees, and vendors. SecurityScorecard achieved the Federal Risk and Authorization Management Program (FedRAMP) Ready designation, highlighting the company’s robust security standards to protect customer information, and is listed as a free cyber tool and service by the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Every organization has the universal right to its trusted and transparent Instant SecurityScorecard rating.
Back to HCB News
