Though the security field is rapidly assimilating promising technologies, such as machine learning and analytics, cyber incidents are not going away. In fact, they’re more prominent and dangerous than ever. A certain amount of risk is inevitable and necessary to conduct business in a world that is still highly reliant upon trust. But, with the average cost of a data breach totaling $3.86 million, organizations can no longer afford to ignore such a glaring issue.
Third-party cyber risk incidents are costly and often avoidable. Organizations that fail to take thoughtful steps to monitor, defend, and prepare for third-party cyber incidents undermine their cybersecurity posture. But how do organizations know what to do and if their strategy for controlling these risks is robust enough to keep them safe?
In surveying 319 IT security and risk management decision-makers, we found that 82% said third-party threats present the most significant risk for exposure. Even though many organizations recognize the hazards posed by third parties, their actions don’t reflect effective mitigation. We also found that:
Less than half of organizations actively prioritize third-party risk management strategies. While organizations proactively update their own security practices, only about half of respondents said their organizations consciously make improvements to the way they manage third-party risks. Lacking a defined third-party risk management strategy creates the opportunity for a breach, even if internal risk management strategies are otherwise solid and effective.
Organizations share large amounts of critical data with third parties. As if hackers needed more reason to attack, respondents reported sharing almost a third of their organization’s critical data, which is data that’s considered essential to the organization’s mission, with various third parties. Critical data may include customer information, sales data, or other forms of intellectual property. The percentage is expected to rise to 41% over the next five years, which makes prioritizing third-party risk even more important to prevent data from falling into the wrong hands.