Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
- SecurityScorecard report finds most EU companies will experience a third-party data breach by 2024
- The Scandinavian countries were better, the French were worse
- Companies should prioritize third-party risk next year, researchers warn
Third-party data breaches have emerged as one of the biggest cybersecurity threats for organizations in the European Union, new research has claimed.
A SecurityScorecard report took the top 100 companies in Europe and analyzed factors such as network security, malware infectionsendpoint security, patching cadence, application security and DNS health.
It found that almost all European companies (98%) experienced a third-party breach in the last year, which means that practically every organization had a partner company that was exposed. Although SecurityScorecard did not discuss it, it is safe to assume that at least some of these organizations suffered some operational disruptions due to these breaches, especially since “only” 18% of companies reported direct breaches in the past year .
Prioritize risks
Looking at individual verticals, SecurityScorecard says transportation was the most secure sector with no low-scoring companies. At the other end of the spectrum is the energy industry, with 75% of organizations scoring C or lower (A is the best, and F is the worst). Additionally, a quarter (25%) reported experiencing direct violations.
Scandinavian, British and German companies were reported as the most secure, while France had the highest rate of third- and fourth-party vendor breaches (98% and 100% respectively).
For Ryan Sherstobitoff, SVP of Threat Research and Intelligence at SecurityScorecard, prioritizing third-party risk management should be a priority for all EU companies, especially with DORA right around the corner.
The DORA legislation, short for the Digital Operational Resilience Act, is a new regulatory framework from the European Union aimed at strengthening the cybersecurity and operational resilience of financial institutions. With it, banks, insurance, investment companies and other entities in the financial sector should be more resistant to disruptions, cyberattacks and similar incidents.
The legislation is expected to come into effect on January 17, 2025.
