Most firms have a relationship with a vendor that’s had a cyber breach

Ninety-eight percent of organizations have a relationship with at least one third-party vendor that has had a cyber breach in the last two years, according to a report issued Wednesday.

While this does not necessarily mean these organizations were involved or impacted by those breaches, or that these relationships could propagate breaches, “it does mean that nearly every organization is at least indirectly exposed to risk from circumstances outside their control,” said the report issued by New York-based SecurityScorecard and The Cyentia Institute, a cybersecurity research company based in Leesburg, Virginia.

The report is based on SecurityScorecard data from more than 235,000 primary organizations, according to the report.

“These are vendors that are visible from outside-in scanning of an organization’s internet-facing infrastructure,” the report said.

The typical number of third-party relationships is about 10, and three-quarters of organizations have fewer than 30, it said.