Breaches that reach a business through trusted third-party relationships — including SaaS vendors, integrations, AI tools, and “Connect with Google” style app permissions — have become a much larger risk, according to a new roundup of 2025 industry data compiled by IM Dominator. Third-party involvement now appears in 30% of breaches, up from 15% the year before, based on the 2025 Verizon Data Breach Investigations Report.
The analysis argues that small online businesses — affiliates, course creators, newsletter operators, and solo agencies — face the same connected-app exposure as large companies but have the fewest resources to manage it. While stolen credentials remain the single most common way attackers get in (22% of breaches, per Verizon), the report highlights how a single compromised integration can cascade: in the 2025 Salesloft–Drift incident, attackers reached more than 700 organizations by riding stolen authorization tokens from one connected app, without breaching those organizations directly.
"Most online business owners still think security means a stronger password," said Benjamin Hübner, founder of IM Dominator. "The data says the bigger risk is the dozen apps they connected years ago and forgot about. You don't have a hacker problem — you have an old-access problem. And the good news is it takes an afternoon to fix."
The compiled figures point to a widening gap between risk and readiness. IBM's 2025 Cost of a Data Breach Report found that unmanaged "shadow AI" tools added roughly $670,000 to the average breach, with the vast majority of AI-related incidents lacking basic access controls. Separately, a 2026 analysis from DoControl found that about 40% of "edit" actions inside Google Drive are now performed by non-human identities — automations and AI agents acting under a user's permissions — a category most small operators never think to review.
To help non-technical business owners close the most common gaps, IM Dominator is making its 15-Point AI Security Checklist available free. The checklist covers five categories and fifteen concrete actions — starting with auditing and revoking unused connected-app permissions — and is written for people with no IT background.
"We built it for the person running the whole business from one laptop," Hübner added. "Fifteen actions, five categories, no jargon. Anyone can work through it in an afternoon."
Free 15-Point AI Security Checklist download avaiable here!
Media Contact
Company Name: IM Dominator - Simpletradery Pte Ltd
Contact Person: Benjamin Huebner
Email: Send Email
Phone: 015782342523
Address:NORTH BRIDGE ROAD #B1-35, HIGH STREET CENTRE
City: Singapore
Country: Singapore
Website: https://quicksnappro.com
