Ninety-eight percent of organizations have a relationship with at least one third-party vendor that has experienced a cyber breach in the past two years, according to a report published Wednesday.
While this does not necessarily mean that these organizations were involved or affected by these breaches, or that these relationships could propagate breaches, “it does mean that almost every organization is at least indirectly exposed to risk from circumstances beyond their control,” the report said . by New York-based SecurityScorecard and The Cyentia Institute, a cybersecurity research firm based in Leesburg, Virginia.
The report is based on SecurityScorecard data from more than 235,000 primary organizations, according to the report.
“These are vendors that are visible from scanning an organization̵7;s Internet-facing infrastructure,” the report said.
The typical number of third-party relationships is about 10, and three-quarters of organizations have fewer than 30, it said.