Can we trust our supply chains? The reality is third-party involvement in cyber breaches is growing, with 30% of breaches linked to third-party involvement, which is twice as much as last year, and driven in part by vulnerability exploitation and business interruptions, according to Verizon’s 2025 Data Breach Investigations Report.
The report analyzed 22,052 real-world security incidents, of which 12,195 were confirmed data breaches that occurred inside organizations of all sizes and types—and the data it found is enlightening, pointing the spotlight on supply chains.
The research shows third-party involvement in breaches was an ever-present subject in incidents throughout the past year—and third parties are not only custodians to customers’ data, but they are also critical parts to an organization’s operations. Incidents include credential reuse, espionage-motivated breaches, stolen credentials, and more.
Naturally, if you work with a third party, you must consider the security implications—and there are some ways to combat this. Third-party cyber-risk management is becoming more common. Secure-by-default standards on those platforms can make a big difference as well. And a shared responsibility model could be something to consider.
A few years back, Archon Design Solutions published an interesting report about how to accelerate the IoT (Internet of Things) digital economy with trusted value chains. At the time, it suggested leveraging the U.S. and EU CHIPS Acts could lead to global collaboration for supply chains, creating digitalization and traceability of the electronics.
This is similar to what we have seen recently with the Digital Product Passport, creating a digital paper trail for assets and their data.
The hard reality is data is exploding onto the scene faster than ever before—and partners and partners’ partners will have access to a digital flow that connects processes, products, and assets. As this happens, we must consider how we will secure all of this.
As the 2025 Verizon Data Breach Investigations Report suggests it is not a good strategy to just sit around and check the news to see if you won the vendor lottery that day. Rather, we must be proactive about this. We must make sure our partners have good security measures in place. This is an important part of the procurement processes. Perhaps more importantly, we must all have plans for when a breach does occur.
The reality is it isn’t if a breach occurs, but rather when. What strategy do you—and your partners—have in place for when this inevitably happens. That is the question you should be asking of your partners today.
Want to tweet about this article? Use hashtags #IoT #sustainability #AI #5G #cloud #edge #futureofwork #digitaltransformation #green #ecosystem #environmental #circularworld #security #cybersecurity