The Hacker News reports that the next major breach affecting clients is likely to come through a vendor or subcontractor rather than from inside a company’s own walls, highlighting how third‑party risk now sits at the core of security postures. It cites the 2025 Verizon Data Breach Investigations Report, which found third parties are involved in 30% of breaches, and IBM’s 2025 Cost of a Data Breach Report, which puts the average remediation cost of a third‑party breach at $4.91 million.
The piece argues that traditional vendor reviews and annual checklists are no longer enough, with regulatory frameworks such as CMMC, NIS2 and DORA raising the bar for ongoing oversight. Global spending on third‑party risk management is projected to grow from $8.3 billion in 2024 to $18.7 billion by 2030, signalling that governance of vendor exposure has become a defined service area for MSPs and MSSPs.
The article endorses Cynomi’s “Securing the Modern Perimeter: The Rise of Third-Party Risk Management” as a practical starting point for building scalable TPRM programmes. According to Cynomi’s guide, service providers can turn TPRM into a recurring, high‑margin offering that strengthens client retention and resilience.