Report by SecurityScorecard
Security Assessment of the Top 100 U.S. Gov’t Contractors
Key Findings
28% of federal contractors had at least one observable malware infection or compromised device on their networks in the past year.
Third-party software & IT caused 50% of breaches at insurance companies.
Application security was the most significant vulnerability for 41% of federal contractors, with nearly half (46%) of the most impactful security issues originating from this area.
More than half (56%) of insurance companies had at least one compromised credential in the past two years.
28% of insurance companies reported breaches—higher than the S&P 500 (21%) and double the U.S. energy industry (14%).
State-sponsored groups accounted for 35% of attributable breaches, but their share of third-party breaches rose to 39.5%.
58% of breaches impacting the top 100 U.S. federal contractors involved third-party attack vectors. This is double the global average of 29%.
35% of federal contractors experienced publicly reported breaches, with 14% having multiple incidents (2–5 breaches each).
Ransomware operators accounted for 41.25% of all breaches, with their share rising to 46.5% in third-party incidents.
59% of breaches among the top 150 insurance companies involved third-party attack vectors.
59% of insurance companies' breaches involved third-party attack vectors, more than double the global cross-industry average of 29%.
Insurance carriers represented 50% of the companies hit by third-party incidents, despite making up about 27% of the total sample.
Malware infections and device compromises affected 17% of insurance companies last year.