66% of incidents involve the supply chain or a third party, up from 45% in 2024.

Confidence in data security falls to 40% when data passes through third-party provider networks.

32% of leaders do not know the locations of all of their data centers, rising to 49% when including third-party providers.

11% of leaders say they are aware of definite weak points when their data travels across third-party infrastructures.

70% of organizations experienced at least one material third-party cyber incident in the past year.

Business associates (including billing vendors, imaging firms, and outsourced IT providers) were involved in 17 of the 107 email-related breaches in healthcare. This represents 16% of all incidents.

68% of healthcare leaders cited third-party software as the top risk.

68% of healthcare leaders cited third-party software as the top risk.

Third-party and supply chain risk was a big security pain point (42%)