
Verizon’s Data Breach Investigations Report 2025 (DBIR), recognized worldwide as one of the most comprehensive studies on cybersecurity, warns that supply chains have become one of the main vectors of attacks. In El Salvador, this finding is particularly relevant, as many organizations rely on external services to operate, exposing themselves to risks that transcend their own technological perimeters.
According to the report, breaches related to third parties represent nearly 15% of the incidents reported globally, highlighting that even when a company strengthens its internal defenses, it remains vulnerable through the suppliers with which it interacts.

Mauricio Nanne, CEO of Sistemas Aplicativos (SISAP), a DBIR collaborating partner, warned: “Today, an organization’s security does not depend solely on what it does behind the scenes. Every supplier with access to critical data, systems, or processes can become an entry point for attackers. In El Salvador, where companies increasingly rely on third-party services to remain competitive, this risk is multiplied”.
The report also highlights that financial motives and corporate espionage are the main reasons behind these breaches, demonstrating that attackers seek both immediate economic benefits and strategic advantages in key sectors.

Nanne said: “Salvadoran organizations must begin to demand the same levels of cybersecurity from their suppliers that they adopt. It is not enough to protect the ‘castle’ if we leave the back door open through the supply chain”.
SISAP recommends establishing third-party risk management processes, including regular audits, access monitoring, and contractual agreements that require providers to comply with internationally recognized security standards.