Over half of India-based companies suffer security breaches

Global supply chains could be vulnerable to attack through third-party suppliers in India, as a report reveals that over half suffered breaches in the country last year.

According to research by SecurityScorecard, Indian companies across multiple sectors – including manufacturers supplying the aerospace and pharmaceuticals industries, as well as IT services firms – have security weaknesses.

The risk management company’s study of India-based third-party risks to global supply chains revealed potential security vulnerabilities in the country.

“[Our] latest research reveals that the security weaknesses present in Indian suppliers are both more widespread and more severe than our analysts initially anticipated, creating significant potential for cascading third-party breaches that can affect organisations worldwide,” said SecurityScorecard.

It added that while Indian IT service providers have strong security postures, they suffered the highest number of recorded breaches in the study.

This is not unique to India. IT suppliers across the world are attractive targets for attackers. “Globally, IT providers face elevated cyber risk because of their central role in enabling third-party access, their large and complex attack surfaces, and their attractiveness as high-value targets.”

The report said that Indian IT companies experienced large volumes of typosquatting domains, credential compromises and infected devices.

It said suppliers of outsourced IT operations and managed services were responsible for 62.5% of all third-party breaches in its Indian sample. “This is the highest proportion our researchers have ever documented and raises urgent questions about the resilience of global businesses that rely heavily on Indian IT vendors,” said SecurityScorecard.

Indian IT suppliers have a huge share of the global IT market and supply the largest multinationals.

“India is a cornerstone of the global digital economy,” said Ryan Sherstobitoff, field chief threat intelligence officer at SecurityScorecard. “Our findings highlight both strong performance and areas where resilience must improve. Supply chain security is now an operational requirement.”

Weaknesses in the security posture of third-party companies in the supply chain can open the door to large businesses for cyber attackers. Suppliers to third parties can also create fourth-party weaknesses in the supply chain.

“The threat does not stop at direct connections. Indian companies themselves rely on a web of suppliers, creating fourth-party risks that extend even further into the global supply chain,” said the SecurityScorecard report. “A single ransomware incident or disruptive cyber attack affecting one Indian vendor could halt production lines, delay service delivery, or disrupt critical logistics for companies in multiple countries.”

Separately, in another report, SecurityScorecard found that almost all (96%) of Europe’s largest financial services organisations have been affected by a security breach at a third-party organisation.

It also revealed that 97% had experienced a breach via a fourth party, the partners of their partners, up from 84% two years ago.