This report offers an in-depth examination of the underlying condition that enables such incidents to take place-the widespread interdependence of modern digital supply chains. We analyzed data from over 230,000 organizations to investigate the prevalence of security incidents among third parties. We then measure the extent of vendor relationships and explore the effects of that exposure. Finally, we compare the security posture of organizations to that of their third and fourth-parties to yield data-driven insights on how to identify risky vendors and better manage exposure.