Nearly all large organizations have robust cybersecurity measures, yet many of their third-party vendors and suppliers do not—especially those that are small and midsized businesses (SMBs). This presents a significant challenge and leaves large enterprises vulnerable because:
- They lack visibility to identify and characterize third-party risks
- Their supply chains critically rely on a significant number of small to midsize businesses
- Organizations such as theirs are being exploited via attacks on small to midsize business partners
The notion that large organizations are cybercriminals’ primary targets is only partly true. When smaller entities are attacked, they often open a doorway for threat actors to access the data or significantly disrupt the operations of their larger partners. Attackers are exploiting these vulnerabilities, and cybersecurity leaders say third-party risk is now one of their biggest concerns.
“Vendor vulnerabilities are what keeps us up at night. They’re [cyber criminals] not going after the major big players. They’re not going after the AT&Ts and Verizons and things like that. They’re going after the small organizations that become more disruptive to us,” said Mike Kane, SVP of Global Security Operations at Global Payments.
Why Small Vendors Create Outsized Risk for Large Enterprises
Many large enterprises have hundreds—if not thousands—of third-party vendors, suppliers, and partners. Chief information security officers (CISOs) and their teams don’t have direct oversight, control, or management of the third parties they work with to truly understand what the vulnerabilities are.
These same enterprises also lack the technical capabilities to monitor third-party risk in real time—making it difficult for them to continuously monitor thousands of vendors in addition to their day-to-day activities and priorities. But as attacks on SMBs are on the rise, finding a way to effectively manage third-party vulnerabilities is an imperative.
In 2025, small businesses experienced a 46% cyber attack rate, reporting incidents once every 11 seconds. Threat actors tend to target small businesses more than larger ones because they possess valuable data, but also weak security. The report estimated 75% of SMBs experienced attacks in the past year. For an SMB, the impact of these attacks can be catastrophic, with 61% of SMBs reporting a serious cyberattack could put them out of business.
However, SMBs are increasingly recognizing the vulnerabilities of weak security and the impact of cyberattacks on finances, reputation, and customer experience. Over half of SMBs now rank cybersecurity as the organization’s top priority, reflecting a better understanding that cybersecurity is critical to the business.
The most common vectors of attack for SMBs are:
- Phishing emails: These attacks have a 30% success rate at small businesses.
- Ransomware: 51% of small businesses pay the ransom, a 20% YoY increase.
- Business email compromise: These attacks represent $2.77 billion in losses.
These challenges are compounded by a significant skills and resource gap, with 95% of attacks succeeding via human error.
Large organizations affected by third-party cyber attacks
- Harrods: In September 2025, cybercriminals breached a third-party e-commerce service provider used by Harrods, gaining access to around 430,000 customer records, including names, contact information, membership IDs, and loyalty program details.
- Qantas Airways: In June 2025, cyber criminals stole 5.7 million customer records (e.g., names, email, phone, addresses, birthdates, and frequent flyer numbers) via a third-party platform used by a Qantas airline contact center.
- Volvo Group: Miljödata, which supplies human resource software to Volvo, suffered a ransomware attack by the DataCarry group exposing full names and social security numbers.
- Allianz Life Insurance: In July 2025, an attack on a third-party, cloud-based customer relationship management system used by the Allianz Life Insurance Company of North America exposed a range of personally identifiable information (e.g., full names, social security numbers, dates of birth, addresses, and policy numbers) of a majority of customers.
- Coca-Cola: In May 2025, a breach at a Dubai-based bottling partner and subsequent refusal to pay a ransom led to hackers leaking the personal data of 959 Coca-Cola employees, including full names, addresses, passports, visa numbers, and other personal data.
- SimonMed Imaging: A breach in January 2025 at SimonMed, a company specializing in outpatient diagnostic medical imaging and radiology services, via one of its vendors exposed personal data, including names, medical record numbers, diagnosis, and treatment information of 1.27 million people.
These incidents highlight the financial and reputational impacts of cyber attacks on SMBs and the organizations that partner with them.
Take Back Control of Third-Party Risk
Periodic risk assessments and vendor questionnaires create the illusion of control—but they don’t reflect how third-party risk actually materializes. Breaches, credential leaks, exposed infrastructure, and supply chain exploitation unfold outside the enterprise perimeter and in real time, often long before a vendor acknowledges an issue.
To effectively mitigate third-party risk today, security teams must shift from self-reported, point-in-time assessments to ensuring continuous, independent threat visibility. This allows them to regain control by monitoring external risk signals themselves rather than waiting for vendors to disclose them.
As the U.S. Cybersecurity and Infrastructure Security Agency (CISA) emphasizes, “a supply chain is only as strong as its weakest link.” Organizations must expand their security aperture to account for suppliers with varying levels of security maturity—especially SMBs that may lack the resources to detect or communicate incidents quickly.
The defender’s playbook to mitigate third-party risk proactively
Expanding the security aperture requires a new operating model—one centered on continuous monitoring, early detection, and real-time prioritization. To ensure third-party risk programs can keep pace with modern threat dynamics, security teams must:
- Establish real-time visibility of third-party exposures outside your perimeter. Detect leaked credentials, exposed infrastructure, and sensitive data tied to vendors as they emerge without relying on periodic questionnaires or self-reporting.
- Validate security posture through real-world threat activity, not policies. Assess whether vendor controls are effective by observing live adversary behavior, exploitation attempts, and exposure signals.
- Detect breaches and incidents before vendors disclose them. Identify early indicators of compromise, data exposure, or active exploitation days or weeks ahead of formal notification.
- Prioritize vendors based on active exploitation and threat context. Focus response on suppliers showing real attacker interest and exploitation velocity, rather than static risk scores or CVSS alone.
Deploy AI-powered real-time event, threat and risk intelligence
In today’s expanding risk landscape, security teams receive more alerts, potential threats, and critical patch alerts than ever before. The deluge of data increases the risks of overlooking threats, missing critical context, and responding slowly. Dataminr Intel Agents, an agentic AI capability of Dataminr Pulse for Cyber Risk, provide real-time context, comprehensive profiles of threat actors, and related historical data to enable accelerated triage and response. Without the help of a human analyst, Intel Agents are able to provide critical data to security teams to empower faster, more confident decision-making.

This article has been updated from the original, published on July 30, 2024, to reflect new events, conditions or research.