New Research Measures “Third Party” Risks to Businesses
A new survey points to widespread uncertainty around IT security risks as companies turn to outsourced offerings as a means of building up their value propositions – a trend that has gained momentum amid Covid-19 and labor shortages. The report says that expansion has broadened attack surfaces as threat actors target weaker vendors with strong market penetration to quietly surveil and paralyze systems.
According to a recent survey from CRA Business Intelligence, the research and content arm of cybersecurity information services company CyberRisk Alliance, 60% of respondents experienced an IT security incident in the past two years due to a third-party partner with access privileges and were most likely to have sensitive data stolen or suffered some type of business outage. While 52% of those who experienced third-party related attacks indicated they less lost less than $100,000 in damages, another 45% incurred higher costs, with a few paying $1 million or more. More than 70% believed that tracking components, sub-assemblies, and final products are very or critically important. But respondents lamented that such visibility is severely limited.
More than three out of four (76%) IT leaders and influencers rated managing third- party risk as a high or critical priority at their organizations—for most respondents (74%) this priority has increased in importance since 2020, when the pandemic created major micro and macro business disruptions, including supply and workforce shortages.
“Having started my compliance career in third-party vendor management in 2003, I’m still surprised at the lack of visibility into the risk that third-party suppliers pose to organizations,” said Matt Alderman, EVP of CyberRisk Alliance’s Business Intelligence Unit. “This research confirms that third-party risk is a critical component of your overall risk management program, especially considering recent attacks. With increasing damages and outages, it’s time for organizations to manage the risk of their third-party suppliers.”
The survey was conducted in late fall 2021 among more than 300 IT and cybersecurity decision-makers and influencers who use third parties.
Channel Impact®
Companies have little visibility into the security of the third parties they use, and partners may be in a prime position to mitigate those risks.
Stay in the Know
Keep tabs on what’s happening in the channel and the impact it will have on the partner community by subscribing to Channel Impact communications.
Recent News
Search Buzz
Buzz Categories