Vendor Risk
Cybersecurity statistics about vendor risk
Related Topics
Showing 1-16 of 16 results
85% of healthcare practices experienced at least one operational disruption caused by a third-party or vendor-of-a-vendor failure in the past 12 months.
70% of healthcare leaders are confident in their vendors' cybersecurity posture.
From 2024 to 2025, the number of critical vulnerabilities carried across vendors serving the financial sector increased 387%.
Among the 140 vendors whose client base is meaningfully concentrated in finance, critical vulnerabilities increased 181%.
54% of the 140 vendors whose client base is meaningfully concentrated in finance carry at least one vulnerability listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
Where IT/OT alignment weakens in organizations in manufacturing and critical infrastructure sectors, vendor-related incident exposure nearly triples.
Organizations that get verifiable transparency data from vendors see 64% quicker implementation of new technology.
Organizations in manufacturing and critical infrastructure sectors managing 21–100 external vendors report the highest incident exposure levels.
Vendor-related cybersecurity incidents among schools districts rose from 4% in 2023 to 32% in 2025.
Vendor-related losses represent 18% of total losses in Resilience's 2025 claims portfolio.
Nearly all organisations (99%) assess vendor risk.
49% of financial institutions experienced a vendor-related cyber incident in the past year.
Of the financial institutions who experienced a vendor-related cyber incident, 66% had recovery times under 60 days .
Of the financial institutions who experienced a vendor-related cyber incident, 8% had recovery times more than 90 days .
Half of financial institutions surveyed oversee 300+ vendors.
73% of financial institutions have two or fewer full-time employees managing vendor risk.