The Cost of Third-Party Cybersecurity Risk Management

By CyberGRX

Download the Report

mark

Third parties are inundated with assessments and enterprises aren't getting the insights they need - and the cost of failure is high.

In the past two years, 53% of organizations have experienced one or more data breaches caused by a third party, costing an average of $7.5 million to remediate.

80%80%

of organizations believe vetting third parties is critical. However, 60% of organizations believe they are only somewhat or not effective at vetting third parties.

Third parties spend 15,000+ hours completing assessments each year

Enterprises only take action on 8% of the assessments they receive.

Retail & Financial Services

Reported the most third-party breaches, despite the fact that their third parties spend more than 16,500 hours a year filling in manual assessments.

Health & Pharma

are most likely to use a combination of tools to assess their third parties and less likely to have a third-party breach.

40%

of organizations use manual procedures like spreadsheets and 51% employ risk scanning tools to vet their third parties.

Over 54%

of respondents said the results of these tools provide, at best, only somewhat valuable information.

The cost of failing to vet and evaluate third parties effectively is $13,000,000 (costs include potential impact on reputation and brand, decreases in share value, loss of business, etc.)

CyberGRX

Mark
Mark

Join 5,000+ risk professionals who subscribe to the CyberGRX Newsletter