This report analyzes independent data gathered on over 800 multi-party cyber incidents observed over the last decade.
These so-called “ripple events” are different than traditional security breaches because they don’t just impact a single organization, but spawned secondary loss events affecting thousands of organizations downstream in the supply chain. Multi-party loss events are in part enabled by the extensive network of third party dependencies and exposures explored in the Internet Risk Surface Report published earlier this year by Risk Recon and the Cyentia Institute. We demonstrate that multi-party losses are increasing in frequency and that losses incurred by these ripple events are much higher than single-party incidents.
