97% of Top U.S. Banks Hit by Third-Party Data Breaches in 2024 – SecurityScorecard

Posted on By Martin Hinton

I read it and thought this isn’t new, “97% of Leading U.S. Banks Impacted by Third-Party Data Breaches in 2024.” I went to check on SecurityScorecard’s website. I was wrong; it is new, and I’d confused it with this press release from last month, “97% of Top U.S. Retailers Experienced a Third-Party Breach.” While my memory isn’t 97%, I notice the… “third party” trend.

The new report from SecurityScorecard reveals, again for the back of the class, that 97% of the top 100 U.S. banks experienced third-party data breaches in 2024. The findings highlight significant vulnerabilities in banking supply chains as institutions increasingly rely on external vendors for critical operations.

image of securityscorecard's logo

As you can expect, the analysis emphasizes the risks associated with third- and fourth-party breaches. One significant element of the report is that only 6% of vendors were directly compromised. But even that low percentage resulted in nearly every bank being affected. Fourth-party breaches stemming from secondary vendor relationships impacted 97% of these institutions.

Interstingly, and back to my initial confusion, the report on retailers also found that 97% of the largest companies also suffered a third-party breach, and only 4% of vendors were compromised. Given the pattern, it’s important to note the broad impact of these vulnerabilities. 

“Nearly all major U.S. banks faced third-party breaches, exposing serious weaknesses across our interconnected digital ecosystem,” said Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence at SecurityScorecard. “One compromised vendor could destabilize the entire financial system.”

Recommendations for Banks:
  1. Automated Monitoring: Continuously monitor vendor to detect risks proactively.
  2. Risk Mapping: Identify critical processes and potential single points of failure within supply chains.
  3. Enhanced IT Oversight: Robust IT monitoring can uncover hidden vulnerabilities.

SecurityScorecard’s data breach research analyzed over 9,000 domains linked to third- and fourth-party vendors across the 100 largest U.S. banks. The study underscores the urgent need for improved cybersecurity strategies to protect the financial system from cascading risks.

Source: SecurityScorecard Threat Intel Report: 97% of Leading U.S. Banks Impacted by Third-Party Data Breaches in 2024.

Other News: Mid-Size Bank Cybersecurity: Underinsured and Overexposed(Opens in a new browser tab)

Martin Hinton

Martin Hinton is the Executive Editor and Publisher of Cyber Insurance News and Information. With over three decades of journalism experience across six continents, his work encompasses investigative reporting, documentaries, and coverage of cultural, political, and business news. To learn more about his career, click on his name to visit his LinkedIn page.

Cyber Insurance, Cybersecurity, Cybersecurity Report Tags:, , , , , , , , , ,

Related Posts