SecurityScorecard CEO Aleksandr Yampolskiy joins Cyber Focus to warn that third-party risk is now the dominant cybersecurity epidemic. With just 150 companies responsible for 90% of the global attack surface, a single compromise can ripple across sectors and continents. He and host Frank Cilluffo explore the cascading risks of software dependencies, fourth- and fifth-party exposure, and the challenges of shadow IT and shadow AI. Yampolskiy outlines where companies fall short on governance and calls for outcome-driven oversight, not just busywork. They also discuss how AI can be both a vulnerability vector and a force multiplier for defense.

Main Topics Covered
• Third-party breaches now account for 65% of cyber incidents globally
• Only 150 companies comprise 90% of the global attack surface
• The risks of shadow IT and "shadow AI" leaking sensitive data
• Systemic vulnerabilities in critical infrastructure like U.S. ports and healthcare
• Limitations of compliance-driven approaches without continuous risk measurement
• The need for clear governance, outcome-oriented metrics, and board-level engagement

Key Quotes
"65% of data breaches today happen through use of a third party. Hackers go after one weak link." — Aleksandr Yampolskiy

"150 companies' products comprise 90% of a global attack surface. So if one of those companies gets compromised, all of a sudden, you can compromise almost everybody." — Aleksandr Yampolskiy

"You can be fully compliant with all the regulations, but not secure. Or you could be really secure but not compliant." — Aleksandr Yampolskiy

"An employee takes [the] general ledger or... some sensitive corporate information, uploads it to ChatGPT—or worse, to [a model] in China—gets a beautiful response, looks like a champion... but then you just leaked sensitive information from a company and nobody knows about it." — Aleksandr Yampolskiy

"Our ability to network has far outpaced our ability to protect networks." — Frank Cilluffo

Relevant Links and Resources
• SecurityScorecard Research

Guest Bio
Aleksandr Yampolskiy is the Co-Founder and CEO of SecurityScorecard, a global leader in cybersecurity ratings and risk management. A former CISO and CTO, he has led the company since 2014 in helping tens of thousands of organizations—including half of the Fortune 100—measure and strengthen their cyber resilience.