In today’s age of hyperconnectivity, what happens to your enterprise partners will eventually happen to you.
The tech sector thrives on rapid innovation, agile partnerships and application programming interface (API)-driven interconnectivity, an ethos that has spread across other industries. But this very dynamism has created an attack surface far broader than traditional organizations are used to covering.
As evidenced by the recent data breach involving a customer service provider reported at Adidas, the weakest links in the digital chain are often not the companies themselves, but the shadow networks of service providers and infrastructure enablers surrounding them.
And it doesn’t just feel as though credential theft and ransomware attacks are surging in frequency and sophistication; according to the Verizon 2025 Data Breach Investigations Report, they actually are.
In 2023, just 15% of data breaches involved third parties such as vendors, service providers and platforms that handle customer or operational data. Fast forward to last year, and the share of data breaches involving third parties had doubled to 30%, nearly one in three, a clear and alarming escalation.
From IT services and cloud platforms to customer support tools and code libraries, third-party providers increasingly touch every part of a business’s operations. As the Verizon report makes clear, this interdependence is not just a theoretical vulnerability. It’s a practical one that can inform decisions around buying, building or partnering in security-critical sectors such as financial services and payments.
Supply Chains as the New Frontline of Cyberwarfare
For many organizations, it’s a simple equation: More third-party integrations + more human error = more breach opportunity.
“In 2021, there were 400 data breach lawsuits filed,” Philip Yannella, co-chair of the privacy, security and data protection practice at Blank Rome and the author of “Cyber Litigation: Data Breach, Data Privacy & Digital Rights,” 2025 edition, told PYMNTS. “Last year, there were over 2,000.”
“Data breaches are always the biggest danger, particularly for financial institutions … We’re going to go through a period where we see more breaches — potentially more expensive breaches — until companies can get their arms around how to deal with them,” Yannella added. “If you’re a bank, you’ve got to worry quite a bit about your vendors.”
As the Verizon report noted, while humans are still involved in roughly 60% of breaches, whether through phishing, misconfigurations or leaked credentials, the source of those human lapses is often outside the perimeter of the affected organization.
Against this backdrop, security is increasingly becoming a non-negotiable part of vendor evaluations, just like financial stability or service-level agreements. Even so, traditional vendor assessments such as questionnaires, SOC 2 reports, and annual audits can prove insufficient in today’s fluid risk environment.
Increasingly, FinTechs and banks are shifting toward continuous cyber risk monitoring. This approach commonly uses machine learning models and artificial intelligence (AI) trained on petabytes of telemetry data to flag suspicious activity, such as abnormal login patterns or unsanctioned data access, within seconds. The goal: shrink dwell time and cut off lateral movement inside sensitive systems.
AI: Guardian or Pandora’s Box?
While the architecture of modern business may demand a new kind of openness, the architecture of modern security must still evolve to meet it. Modern cyber audits are evolving to become continuous, data-driven processes rather than episodic reviews. Platforms now ingest structured and unstructured data from across the enterprise — such as server logs, access records and transaction metadata — and use them to detect emerging threats.
Emerging technologies such as zero-trust architecture, confidential computing and AI explainability frameworks are helping companies bake security into their systems from day one.
In this context, AI has emerged as both shield and sword in the battle for digital trust. From autonomous drones to AI-powered hacking tools, the militarization and criminal use of AI are expanding the landscape of digital threats. At the same time, AI-powered tools can monitor networks in real time, detect anomalies and respond to threats faster than any human could.
For modern enterprises, the next data breach may come through a door they didn’t even know existed. The question isn’t whether third-party risk is real. It’s whether organizations are ready to face it head-on.