Silent breaches are happening right now, and most companies have no clue
The breaches and ransomware attacks of 2024 highlighted systemic vulnerabilities, demonstrating how third-party and fourth-party dependencies amplify risks across industries, according to a Black Kite report.
Researchers revealed how silent breaches underscore the risk posed by unseen vulnerabilities in third-party networks. By exploiting these hidden weaknesses, attackers disrupted individual organizations and exposed the fragility of entire supply chains.
Third-party breach incidents in 2024
Unauthorized network access accounted for more than 50% of publicly disclosed third-party breaches in 2024. Ransomware remained one of the most disruptive cyber threats in 2024 — accounting for 66.7% of known attack methods — with attackers increasingly leveraging third-party vectors to amplify their impact.
Software vulnerabilities continued to pose significant risks in 2024, including the exploitation of zero-day vulnerabilities. These vulnerabilities predominantly affected internet-facing network devices, operating systems, and widely used applications, underscoring the continued reliance of attackers on unpatched or misconfigured systems.
The healthcare sector was the most affected by third-party breaches in 2024, accounting for 41.2% of all incidents. This dominance is attributed to the high value of patient data, operational dependencies on third-party providers, and the sector’s inherent vulnerabilities.
Credential misuse emerged as a growing avenue for data breaches in 2024, accounting for nearly 8% of known attack methods. Public data breaches and credential dumps on dark web marketplaces provided a steady supply of compromised credentials, and the rise of automated tools for credential stuffing and brute force attacks further exacerbated this trend.
One out of every four third-party breaches in 2024 originated with software vendors. This marks a shift away from previously highly targeted areas (technical services represented only 11.5% of breaches in 2024) and indicates a growing preference for targeting software supply chains as organizations further digitize their operations.
“The cyberthreat landscape in 2024 was shaped by evolving attack methods and persistent vulnerabilities, with many incidents exploiting the interconnectedness of third-party relationships,” said Ferhat Dikbiyik, chief research and intelligence officer at Black Kite. “As organizations increasingly rely on third-party vendors, attackers have adapted their strategies to exploit these dependencies, leading to cascading risks across industries.”
Improvements in cybersecurity posture across industries
Research also shows improvements in cybersecurity posture after incidents across many industries. Healthcare vendors, which were responsible for 9% of third-party breaches in 2024, showed the greatest change, with 62.5% achieving better security grades following an incident.
This can be partially attributed to regulatory requirements in frameworks like HIPAA, which continue to drive advancements in cybersecurity posture. Similarly, 33% of financial services providers improved. In contrast, only 21.7% of software services vendors, which face relatively less regulatory pressure, showed measurable improvement.
Healthcare organizations accounted for 41.2% of third-party breaches in 2024.
Finance & insurance (14.9%) and manufacturing (14%) followed as industries most affected by third-party breaches, underscoring the disproportionate risk faced by these critical sectors.