Press release

S&P 500’s Cybersecurity Risk Exposed: One in Five Hit by Major Outages in 2024

UpGuard reveals one in five S&P 500 companies suffered major disruptions due to vendor failures in 2024, exposing the hidden cyber risks threatening America’s largest enterprises.

MOUNTAIN VIEW, CA — 13 MARCH 2025 — Cyber threats to the S&P 500 are escalating, with AI adoption, third-party failures, and security gaps creating billion-dollar liabilities. Finance, IT, and Industrials are among the most exposed sectors, with 66% of companies running software containing known vulnerabilities. The financial sector, in particular, faces heightened risks from supply chain attacks, according to UpGuard’s latest S&P 500 Cybersecurity Report. Real Estate and Consumer Staples ranked lowest in email security, leaving them highly vulnerable to phishing attacks.

As AI adoption accelerates across major enterprises, UpGuard’s analysis reveals critical gaps in vendor oversight, software integrity, and attack surface management, creating weaknesses that attackers are actively exploiting. Financial services and healthcare, which rely heavily on AI for automation and analytics, are particularly vulnerable as attackers target sensitive data and critical infrastructure. 

Industrials, finance, and healthcare were hit hardest by third-party failures in 2024. The CrowdStrike outage alone impacted 22% of the S&P 500, demonstrating how a single vendor failure can disrupt entire industries. Likewise, thirty-three businesses were exposed by the Polyfill.io attack, where compromised third-party software injected malicious code into widely used web services.

"The companies powering the U.S. economy are rapidly adopting AI and third-party technologies, but many don’t realize the risks they’re introducing," said Greg Pollock, Head of Research and Insights, UpGuard. "Security gaps aren’t just technical issues. They're business risks that can lead to billion-dollar disruptions. Companies that take a proactive approach to AI and vendor security will be the ones that stay resilient."

AI’s Widespread Adoption is Introducing New Risks

AI is now embedded in the fabric of every S&P 500 company, with 69% of firms demonstrating strategic investments in AI based on sentiment analysis of their recent website content. However, security measures remain inconsistent. Legal and compliance risks are already emerging, with Microsoft, Meta, Google, and Nvidia facing lawsuits over AI model training.

Despite widespread AI adoption, few S&P 500 companies have disclosed clear AI security frameworks, leaving critical gaps in governance and risk management – exposing them to data leaks, financial fraud, and regulatory fines. With lawsuits already targeting Microsoft, Meta, and Google, the race to secure AI has never been more urgent. 

Who’s Leading and Who’s Falling Behind?

While the report highlights widespread vulnerabilities, it also identifies companies making significant improvements in cybersecurity: 

  • Top Performers: Cincinnati Financial, PNC, Accenture and The Cooper Companies scored among the highest in UpGuard’s cybersecurity rankings, reflecting strong encryption, vendor security, and proactive risk management.
  • Sectors at Risk: The Real Estate and Consumer Discretionary industries ranked lowest in email security, leaving them highly exposed to phishing and business email compromise attacks.
  • Most Improved: Incyte improved its security score by over 45%, while Axon Enterprise and Applied Materials improved theirs by almost 25%, demonstrating that rapid security improvements are possible with the right investments.

The security failures outlined in UpGuard’s latest report are not just technical oversights; they are direct threats to business continuity, financial stability, and national security. As AI integration outpaces security preparedness and third-party dependencies continue to grow, organizations must take immediate action to protect themselves from the next inevitable cyber crisis.

"AI is changing the game for both attackers and defenders, and weak spots in the supply chain are costing companies billions," continued Pollock. "Securing internal networks isn’t enough anymore. Companies must extend their risk assessments to every AI-powered tool and third-party vendor they rely on. The organizations that embed AI security into their frameworks now will be the ones that stay ahead of the next wave of threats."

Read the full report here including detailed sector and company rankings. 

ENDS

NOTES TO EDITORS

  • Data sourced from public records collected between September 2023 and September 2024 with insights developed using UpGuard’s proprietary cyber risk assessment tools. 
  • All data and insights have been validated by cyber security and data experts. 
  • A full copy of the S&P 500 Security Report can be found HERE

METHODOLOGY

This report draws on data from the UpGuard platform, which scans publicly available information to evaluate the security posture of S&P 500 companies. The data highlights how well these organisations manage key risk areas, such as email security, website security, and network security, all of which are critical in preventing cyber threats. UpGuard assigns a Security Rating by analysing various risk factors, with lower scores given more weight to reflect the importance of addressing weaknesses. Each company’s score is calculated on a scale of 0 to 950 and grouped into letter grades, where an ‘A’ represents strong cybersecurity performance. The report assesses 10 risk categories and includes a year-over-year comparison to assess the overall security performance of the S&P 500.

ABOUT UPGUARD

Born in Hobart, Australia and scaled in Silicon Valley, UpGuard is a cybersecurity platform that helps global organisations prevent data breaches, monitor third-party vendors, and improve their security posture. Using proprietary security ratings, world-class data leak detection capabilities, and powerful remediation workflows, we proactively identify security vulnerabilities for organisations of all sizes.

PRESS CONTACT

Charlotte Hartley-Wilson
PR Manager 
charlotte.hartley-wilson@upguard.com
 
