An in-depth analysis of the most significant third-party cyber risks and incidents in 2023. Covering adversary activity in 2023, this report is the first to use SecurityScorecard’s new BreachDetails threat intelligence solution. With BreachDetails, SecurityScorecard increased the level of breach data coverage by 50% compared to other breach notice providers by using AI to analyze news articles, ransomware notifications, and international sources. Key findings: 75% of third-party breaches targeted the software and technology supply chain 64% of third-party breaches linked to C10p cybercrime group 61% of third-party breaches attributed to MOVEit (CVE-2023-34362)

New cybersecurity regulations from the SEC require publicly traded companies to disclose “material” cyber incidents within four days. But many companies, policymakers, and shareholders still lack key insights into the current threat landscape. Against this backdrop, SecurityScorecard’s threat researchers analyzed the security ratings of the members of the S&P 500 U.S. stock market index. Key findings from the report include: 21% of S&P 500 companies reported breaches in 2023 25% of these breaches impacted Financial Services and Insurance companies 52% of companies had Exposed Personal Information The average Social Engineering risk grade for the S&P 500 is an "F" ... Read More