There has been a growing wave of opinion over the last 2 years that third party induced cyber breaches are somewhat rising and causing more pain to the business communities.  Perhaps incidents such as SoloriGate and Hafnium are good recent examples.

But a recent research paper published in the Oxford Journal Of Cybersecurity, claims the general opinion carried by the cybersecurity media is not so accurate.  The abstract of the paper quotes the following:

“Growing reliance on third-party services, such as cloud computing, is believed to increase client firms’ exposure to third-party induced cyber incidents. However, we lack empirical research on the prevalence and scale of third-party induced cyber incidents. Moreover, we do not know who pays more of the price for experiencing these incidents—the client firm and/or the third-party provider firm. We study these questions using a sample of 1397 cyber incidents in public firms between 2000 and 2020 of which 246 are third-party induced incidents. Our findings offer several novel insights. Third-party induced cyber incidents are not growing in prevalence any faster than other incidents, but they do compromise greater volumes of confidential data per incident. As to the price paid for third-party induced incidents, the picture is more nuanced. Client (first-party) firms suffer drops in equity returns that are comparable to those for homegrown incidents, while small third-party provider firms suffer significantly larger drops in equity returns and large third-party provider firms do not suffer a discernible drop in equity returns. We discuss implications of these findings for client firms and service providers.”

Read more by clicking the button below.