The business perimeter has become as global and interconnected as commerce itself.
On Aug. 6, Air France and KLM issued a public disclosure announcing that customer data had been compromised following a security incident involving a third-party service provider used by their customer contact centers.
The airline group confirmed that personal details such as names, email addresses, phone numbers, frequent flyer numbers and customer service message metadata were exposed. Crucially, no passwords, payment information, or ID documents were affected, according to official statements.
The breach represents a textbook case of third-party risk. While the airline’s internal infrastructure remained secure, attackers gained access through a platform integrated into customer operations. Organizations increasingly rely on external vendors for CRM systems, ticketing services or marketing tools, which creates a complex digital supply chain where indirect access can lead to direct consequences.
That’s why, in 2025, being secure means more than securing systems. It means securing relationships, data flows and the human behaviors that surround them.
Mitigating Third-Party Supply Chain Risks Is Key to Enterprise Security
The incident involving Air France and KLM is not an outlier but an example of how vulnerable modern organizations, even those with significant resources, have become to widely known but highly effective intrusion techniques. The breach is ultimately part of a broader trend: attackers exploiting the human element and targeting the digital supply chain.
The PYMNTS Intelligence August 2025 Certainty Project report, “Vendors and Vulnerabilities: The Cyberattack Squeeze on Mid-Market Firms,” found widespread fears about social engineering targeting payments, with 87% of mid-market firms at least somewhat concerned.
At the same time, B2B cyber audits can help organizations assess their security posture, identify vulnerabilities and build trust with partners and clients. For C-suite leaders, these audits are not just about compliance but about safeguarding their enterprise’s long-term stability, resilience and trust.
Phishing via look-alike login portals remains a persistent threat. In these attacks, users are directed to fake login pages designed to replicate legitimate services, often via email, SMS, or compromised chat platforms. Once credentials are entered, attackers use them to access corporate systems or third-party SaaS platforms.
A wave of data breaches impacting companies like Qantas, Allianz Life, LVMH and Adidas, for instance, was tied by Google researchers to a hacker group using voice phishing attacks to steal data from Salesforce CRM instances.
Threat actors are also now commonly using search engine optimization (SEO) poisoning to place malicious pages near the top of search results. These pages can often mimic legitimate login portals, software downloads, or vendor sites. Employees searching for “vendor login” or “partner portal” may be misled into visiting compromised sites.
The Changing Face of Today’s Enterprise Cyber Risk Landscape
In a globally interconnected economy, the traditional fortress model of cybersecurity has become obsolete. The “perimeter” now encompasses not just a company’s own systems, but every partner, platform and subcontractor touching its data.
While vulnerabilities in code and configuration remain important, human factors often seal the breach. Attackers increasingly combine technical compromise with psychological manipulation.
In security circles, the model is called the “extended enterprise.” In practice, it’s a digital ecosystem where the old perimeter model — defending your own network from the outside world — has been replaced by an intricate web of shared connections.
Cybersecurity is no longer an IT-only function. It is a business risk, a customer trust issue and, in some sectors, a matter of regulatory survival. CISOs are finding new allies in CFOs and COOs who increasingly see security investments as risk mitigation for business continuity. The conversation is no longer about “if” a breach will happen, but “where” and “through whom.”
The PYMNTS Intelligence report “The AI MonitorEdge Report: COOs Leverage GenAI to Reduce Data Security Losses” found that the share of chief operating officers (COOs) who said their companies had implemented AI-powered automated cybersecurity management systems leapt from 17% in May 2024 to 55% in August.
Mitigating this risk requires both technology and governance: rigorous vendor vetting, contractual clarity, continuous monitoring, and a corporate culture that treats security as a shared responsibility.