Skip to main content
HomeTopicsVendor Risk

Vendor Risk

Cybersecurity statistics about vendor risk

Showing 1-16 of 16 results

85% of healthcare practices experienced at least one operational disruption caused by a third-party or vendor-of-a-vendor failure in the past 12 months.

Omega Systems6/28/2026
HealthcareOperational Disruption

70% of healthcare leaders are confident in their vendors' cybersecurity posture.

Omega Systems6/28/2026
CybersecurityHealthcare

From 2024 to 2025, the number of critical vulnerabilities carried across vendors serving the financial sector increased 387%.

Black Kite6/6/2026
VulnerabilitiesFinancial Services

Among the 140 vendors whose client base is meaningfully concentrated in finance, critical vulnerabilities increased 181%.

Black Kite6/6/2026
VulnerabilitiesFinancial Services

54% of the 140 vendors whose client base is meaningfully concentrated in finance carry at least one vulnerability listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.

Black Kite6/6/2026
Exploit CatalogsFinancial Services

Where IT/OT alignment weakens in organizations in manufacturing and critical infrastructure sectors, vendor-related incident exposure nearly triples.

Secomea5/27/2026
IT/OT GovernanceIncident Exposure

Organizations that get verifiable transparency data from vendors see 64% quicker implementation of new technology.

Manifest5/27/2026
TransparencySoftware Supply Chain

Organizations in manufacturing and critical infrastructure sectors managing 21–100 external vendors report the highest incident exposure levels.

Secomea5/27/2026
Vendor AccessIncident Exposure

Vendor-related cybersecurity incidents among schools districts rose from 4% in 2023 to 32% in 2025.

Clever5/27/2026
EducationK-12

Vendor-related losses represent 18% of total losses in Resilience's 2025 claims portfolio.

Resilience5/27/2026
Insurance LossesThird-Party Risk

Nearly all organisations (99%) assess vendor risk.

Bitsight7/29/2025
Cyber riskRisk management

49% of financial institutions experienced a vendor-related cyber incident in the past year.

Ncontracts4/7/2025
Vendor riskCyber attack

Of the financial institutions who experienced a vendor-related cyber incident, 66% had recovery times under 60 days .

Ncontracts4/7/2025
Vendor riskCyber attack

Of the financial institutions who experienced a vendor-related cyber incident, 8% had recovery times more than 90 days .

Ncontracts4/7/2025
Vendor riskCyber attack

Half of financial institutions surveyed oversee 300+ vendors.

Ncontracts4/7/2025
Vendor riskFinancial institution

73% of financial institutions have two or fewer full-time employees managing vendor risk.

Ncontracts4/7/2025
Vendor riskFinancial institution