The Cost of Third-Party Cybersecurity Risk Management

by CyberGRX

Third parties are inundated with assessments and enterprises aren't getting the insights they need - and the cost of failure is high.

In the past two years, 82% of organizations have experienced one or more data breaches caused by a third party, costing an average of $7.5 million to remediate.


of organizations believe vetting third parties is critical. However, 60% of organizations believe they are only somewhat or not effective at vetting third parties.

Third parties spend 15,000+ hours completing assessments each year.

Enterprises only take action on 8% of the assessments they receive.

Retail & Financial Services

reported the most third-party breaches, despite the fact that their third parties spend more than 16,500 hours a year filling in manual assessments.

Health & Pharma

are most likely to use a combination of tools to assess their third parties and less likely to have a third-party breach.


of organizations use manual procedures like spreadsheets and 51% employ risk scanning tools to vet their third parties.

Over 54%

of respondents said the results of these tools provide, at best, only somewhat valuable information.

The cost of failing to vet and evaluate third parties effectively is $13,000,000 (costs include potential impact on reputation and brand, decreases in share value, loss of business, etc.).