Third-Party Digital Supply Chain Risk: Exposing the Shadow Code on Your Web Properties

A quantitative analysis of 4,300 websites

The modern website has a 3rd party digital supply chain of its own. These partners play a critical role in user experience, in site performance, in analytics and in driving improved conversion rates. This makes managing risk inherent in 3rd- and 4th-party scripts both a vital and challenging task. During Q1 of 2022, we scanned the top 4,300 websites by traffic worldwide and analyzed the data to provide answers to questions such as:

• How many third-party and fourth-party scripts can be found on the average website? 
• How many third-party scripts are on sensitive pages? What are the scripts being used for?
• How do the numbers and types of scripts vary by industry?

The ultimate challenge for the security team of an average website is checking for shadow code on multiple third- and fourth-party scripts. Even when security teams have the tools to monitor the behavior of scripts, they may need to investigate hundreds of incidents a day. Security teams of today need a low-burden approach to mitigating the risk in third-, fourth-, and Nth party scripts.

Download our State of the Industry Report to:

• Discover how organizations can use information about third-party scripts to strengthen security
• Examine third-party risk analysis findings from two real organizations; a leading brokerage and banking firm and a global hotel and hospitality company
• Access a detailed analysis of the six types of features that could be exploited by bad actors
• Explore the average number of third-party and fourth-party scripts on websites, by industry: e-commerce, travel and hospitality, healthcare, and finance and financial services