2025 Ripples Across the Risk Surface

Our actions impact those around us, and in cybersecurity, an incident at one organization rarely stops at its perimeter. When one firm’s security failure propagates to impact third parties, we call it a “ripple event”. This 2025 study analyzes more than 1,500 ripple incidents spanning 2008 to 2024 to help organizations understand how these systemic threats occur and propagate.

The data confirms that ripple events are far more costly to individual firms than single-party incidents. Falling victim to an incident that becomes a multi-party event leads to typical losses that are 10x greater and extreme losses that are 14x greater than incidents involving only a single firm. This report rewards the reader by tracking how per-firm costs for “ripple receivers”—those impacted downstream—have risen steadily and now rival the costs borne by the initial “generating” firms.

Larger organizations face an outsized risk in this hyperconnected ecosystem. Firms with over $100B in revenue are roughly twice as likely to both generate and receive ripple effects compared to smaller businesses. This study maps these cascading flows between sectors, showing, for example, that ripple events generated by Professional firms impact the Financial sector 2.7x more often than expected by chance.

Key Findings

• 10x Loss Multiplier: Multi-party ripple events routinely trigger losses that are 10 times higher for the organizations that generate them compared to single-party events.
• Generator typical cost $4.7M: Per-firm median losses for ripple generators are $4.7M, compared to only $469.1K for victims of standard single-party incidents.
• Large vs. Small risk: Large organizations ($10B+ revenue) are twice as likely on a per-firm basis to both generate and receive multi-party incidents.
• 67.5% Cost Concentration: In the vast majority of ripple incidents (67.5%), the initial generator firm bears the entirety of the financial losses.
• Rising Downstream Costs: Losses for downstream ripple receivers have trended upward and are now roughly equal to the per-firm losses of generators.
• Threat Profile Variance: Ripple incidents have a markedly higher involvement of nation-state actors and hacktivists compared to traditional single-party events.