Third-Party Cyber Risk: The Threat You May Not Have Seen Coming
Educational
Dana Coates
Strategic Partnerships

If your business is like most today, everyone is connected—through vendor relationships, software providers, and digital systems that make daily operations smoother. But that same connectivity also creates hidden risks.

When one of your vendors experiences a cyberattack, it’s not just their problem—it can quickly become yours. Whether it’s a software outage, a ransomware attack, or a data breach, these third-party risks can disrupt your business, cost you money, and even put your customers’ information at risk. 

In 2024, cyber insurance claims surged due to third-party breaches, proving that businesses need to perform due diligence on their vendor partners.

So, how well do you know your vendors’ cybersecurity practices? 

Are they protecting their systems with the same level of care that you protect yours? If not, their vulnerabilities could become your next crisis. 

The Weakest Link Can Bring Everything Down 

Hackers love to find a single weak spot and use it to cause major damage. That’s exactly what happened in recent attacks on PowerSchool, CDK, and Change Healthcare. These breaches didn’t just affect the companies themselves—they sent shockwaves through everyone who relied on them. 

According to Resilience, third-party risks like ransomware attacks and vendor-related system failures accounted for 31% of all cyber insurance claims in 2024. Even more concerning, 23% of those claims resulted in major financial losses—up from zero in 2023. 

Ransomware: Still the Biggest Threat 

Ransomware continued to be a top reason businesses lost money in 2024:

  • 43% of claims were due to direct ransomware attacks on businesses. 

  • 18% came from ransomware attacks on vendors, which then hurt their customers. 

  • Together, ransomware was responsible for 61% of all claims with financial losses.

Industries like transportation, manufacturing, and healthcare were hit the hardest, likely due to older technology and the high cost of downtime. Meanwhile, phishing attacks—the kind where someone tricks an employee into clicking a bad link—declined from 20% in 2023 to 9% in 2024.

What This Means for Your Business 

You can have the strongest cybersecurity in the world, but if your vendors or software providers are vulnerable, your business is still at risk. Cybersecurity isn’t just an IT issue anymore—it’s a business survival issue. 

Here’s what you can do: 

  • Vet your vendors. Ask how they protect their systems and what security measures they have in place.

  • Update your contracts. Make sure agreements include cybersecurity requirements for third parties.

  • Get the right cyber insurance. A well-structured policy can help cover financial losses when things go wrong. We can help with this; ask for a consultation.

Cyber threats aren’t going away, but businesses that take a proactive approach—rather than waiting for disaster to strike—will be better positioned to protect their operations and financial stability. 

How Confident Are You in Your Vendors’ Cybersecurity? 

Use this quick Third-Party Cybersecurity Survey to assess your vendors and gain a baseline level of comfort.

Do you have written cybersecurity policies in place? 

  • Yes, and they are regularly reviewed and updated. 

  • Yes, but they haven’t been updated in a while. 

  • No, we do not have formal cybersecurity policies. 

Do you require employees to use multi-factor authentication (MFA) for logging into your systems? 

  • Yes, for all employees. 

  • Yes, but only for certain roles. 

  • No, we do not require MFA. 

How do you protect customer data from cyber threats? 

  • We use encryption, firewalls, and regular security audits. 

  • We have some security measures but could improve. 

  • We do not have a formal data protection strategy.

Have you experienced a cybersecurity breach in the past 12 months?

  • No, and we have strong monitoring systems in place. 

  • Yes, but we took steps to fix the issue and improve security. 

  • Yes, and we are still working on resolving vulnerabilities. 

Do you have cyber liability insurance in case of an attack?

  • Yes, we have a cyber insurance policy. 

  • No, but we are considering getting one. 

  • No, and we do not plan to get one. 

Next Steps 

If your vendors scored mostly green flags (first answer in each question)—great! They likely take cybersecurity seriously. 

If you saw some yellow flags (second answers)—it may be time to ask more questions and encourage improvements. 

If there were red flags (third answers)—you might need to rethink that vendor relationship or require them to strengthen their security before continuing to work together. 

Cybersecurity isn’t just about protecting your business—it’s about protecting your entire network of partners, customers, and employees. Taking the time to assess your vendors can make all the difference in preventing the next big cyberattack. 

Have questions about cyber third-party coverage? Let’s talk.