Adversaries Use Third-Party Vulnerabilities to Enhance Stealth, Speed, and Impact of Ransomware Attacks, Reports Intelligent CISO

Research Findings on Concentrated Cyber Risk and Resilience in a Global Economy

SecurityScorecard, in partnership with McKinsey & Company, has released alarming findings from its latest research on cyber risk. The report, titled “2024 Redefining Resilience: Concentrated Cyber Risk in a Global Economy Research,” highlights the extreme concentration of cyber risk in just 15 vendors, posing significant threats to national security and global economies.

According to Dr. Aleksandr Yampolskiy, CEO and Co-Founder of SecurityScorecard, the reliance on a handful of vendors is akin to a precarious house on a cliff edge, creating potential single points of failure in the global economy. The research also reveals a surge in adversaries exploiting third-party vulnerabilities to carry out supply chain cyberattacks with maximum stealth, speed, and impact.

The study found that 150 companies account for 90% of the technology products and services across the global attack surface, and that 41% of them showed evidence of compromised devices in the past year. Additionally, 62% of the external attack surface is concentrated in the products and services of just 15 companies, which have below-average cybersecurity risk ratings, increasing the likelihood of breaches.

In response to these findings, experts recommend four key steps to mitigate supply chain cybersecurity risks: identifying single points of failure, continuously monitoring the attack surface, detecting new vendors automatically, and operationalizing vendor cybersecurity management.

Charlie Lewis, Partner at McKinsey, emphasized the need for companies to consider the broader system of their cyber ecosystem and build mutual support with peers, competitors, and vendors to enhance resilience against cyber threats. The research underscores the critical importance of addressing vulnerabilities in third-party relationships to safeguard against cyber risks in the interconnected digital landscape.
