July 2025 Vendor Management News

Stay up to date on the latest vendor risk management news happening this month. Check out the articles below.

Recently Added Articles as of July 3

Managing third- and nth-party risks: As cyber threats and supply chain attacks surge, organizations must rethink how they manage risk beyond their immediate third-party vendors. Fourth and nth parties present growing vulnerabilities. Instead of trying to monitor every supplier, focus on critical parties, which are essential to your organization. Identify potential single points of failure for your critical processes and perform thorough assessments of suppliers. Understand how a supplier’s failure could disrupt your organization’s operations. Aligning risk efforts with operational impact and resilience helps reduce blind spots, withstand disruptions, and turn robust third-party risk management into a competitive advantage.

Prioritizing third-party cybersecurity during trade disruptions: As tariffs reshape global trade, many organizations are rapidly reworking vendor relationships and supply chain strategies, but it shouldn’t come at the cost of cybersecurity. Sudden changes can expose critical vulnerabilities, especially when third-party vendors aren’t properly vetted or monitored. A single weak link, like an untrained vendor employee or outdated system, can result in significant disruption. To stay resilient, integrate cybersecurity into every stage of third-party risk management. Cross-functional collaboration and proactive oversight are essential to safeguarding both operational continuity and data security.

Third-party data breach compromises patient information: A recent third-party data breach impacted patient information at several regional hospitals in Maine. The vendor supplies sleep study technology. While no Social Security or financial data was compromised, exposed information may include patient names, birthdates, medical record numbers, and test results. This incident highlights the significant risks third-party vendors can pose to sensitive data.  

Third-party data breach compromises potentially millions of records: Qantas, Australia’s largest airline, recently disclosed a significant data breach stemming from a third-party customer service platform. The breach exposed personal details, including names, contact information, birth dates, and frequent flyer numbers, of potentially millions of customers. The attack shares characteristics with recent campaigns by the threat group “Scattered Spider,” known for targeting identity systems and service desks in high-profile industries.  

Cyberattack on third party compromises Swiss government data: A ransomware attack on Swiss third-party vendor Radix exposed sensitive data from Swiss federal offices. The third party was compromised by a ransomware group that published 1.3TB of stolen data, including contracts, financial records, and communications, on the dark web. This is the second third-party breach the Swiss government has experienced in the last two years.

Insurance claim documents impacted in third-party data breach: Scania, a leading global truck manufacturer, confirmed a May 2025 third-party data breach leading to the theft of 34,000 insurance claim documents. While the company said privacy risk is limited, the leaked documents may contain sensitive personal and insurance-related data.  

Tips for effective vendor relationship and risk management: Effective vendor risk management goes beyond contracts and costs. Several organizations emphasized strategies rooted in communication, transparency, and resilience. For instance, creating detailed vendor onboarding plans sets expectations early and allows organizations to identify and address gaps before they become major issues. Others recommend performance-driven scorecards and quarterly reviews to align vendors with business goals, foster accountability, and drive innovation. Regular check-ins and shared service-level dashboards build trust and help vendors act as strategic partners. Together, these practices help build more resilient, collaborative, and value-driven third-party relationships.