https://www.sciencedaily.com/releases/2019/10/191021114929.htm

The study, conducted by Jay Simon and Ayman Omar from the university's Kogod School of Business, was accepted for publication by the European Journal of Operation Research. They found that a data breach due to a third-party supplier was more likely to lead to an underinvestment in cybersecurity measures. High-profile third-party data breaches have impacted Target, T-Mobile, and the IRS.

"Companies that want to be the most effective at preventing cyber-attacks need to look at every entity that handles their data," Omar said. "If you have one weak link, the entire operation is compromised. If I'm running a company that has strong cyber security measures in place, but my third-party vendors don't, the company is still at risk."