Analysis of Concentrated Cyber Risk and Third-Party Vulnerabilities: SecurityScorecard Research with McKinsey & Company

SecurityScorecard, in collaboration with McKinsey & Company, has revealed alarming findings from its latest research on concentrated cyber risk. The study, titled “2024 Redefining Resilience: Concentrated Cyber Risk in a Global Economy Research,” highlights the significant threat posed by just 15 vendors to national security and global economies.

According to the research, there is a surge in adversaries exploiting third-party vulnerabilities to enhance the stealth, speed, and impact of supply chain cyberattacks. Dr Aleksandr Yampolskiy, CEO and Co-Founder of SecurityScorecard, likened the situation to a precarious house on a cliff’s edge, raising concerns about the concentration of critical services in a single vendor.

Key findings from the study include the revelation that 150 companies account for 90% of technology products and services across the global attack surface. Shockingly, 41% of these companies experienced compromised devices in the past year, while 11% fell victim to ransomware infections. Moreover, the top 15 third parties identified had below-average cybersecurity risk ratings, making them more susceptible to breaches.

McKinsey highlighted the importance of taking action to protect against third-party risks, emphasizing the need to identify single points of failure, continuously monitor the external attack surface, detect new vendors automatically, and operationalize vendor cybersecurity management.

In a world where cybersecurity threats are ever-evolving, this research underscores the critical need for companies to prioritize supply chain security and collaborative cybersecurity efforts to safeguard against potential cyber threats and disruptions. The interconnected nature of the digital landscape calls for a collective approach to mitigate cyber risk and ensure the resilience of the global economy.