54% of Companies Have Experienced Third-Party Breach in the Past Year, 40% Struggle with Handling Those Risks Due to Budget Constraints

Published on August 1, 2024

New York, NY, August 1, 2024 – CyberRisk Alliance’s latest Cybersecurity Buyer’s Intelligence Report (CBIR), sponsored by AuditBoard and titled “From Trust to Security: Third-Party Risk Management Strategies and Challenges,” reveals the growing importance of third-party risk management in enterprise IT environments. The research synthesizes experiences of security practitioners who participated in a CyberRisk Alliance survey, giving a look into how others are navigating the third-party risk landscape and strengthening their cybersecurity posture.

Key findings from the report include:

  • Lack of Clear and Cohesive Insight: Surveyed organizations struggle to maintain a clear inventory of third-party partners, with many dealing with hundreds of external entities. This fragmentation complicates efforts to enforce cohesive security policies.
  • Third-Party Breach Risks: Most data breach incidents originate from third-party sources, such as partners and service providers. Inadequate control over data handling by these partners remains a significant vulnerability.
  • Challenges in Verification and Trust: Regular assessments of third-party security practices are lacking. Nearly half of the surveyed organizations do not conduct in-depth risk assessments, and confidence in the security measures of fourth-party subcontractors is particularly low.
  • Underinvestment in Third-Party Security: Despite high concern among security professionals about third-party data security, only 13% of organizations make significant investments in this area, with over 40% allocating minimal to no budget.

As echoed by those surveyed in the CBIR report, effective third-party risk management is critical for securing evolving IT operations. Without insight into how their data is accessed and handled by third-party partners, organizations remain vulnerable to significant security risks.

"Our findings reveal a stark reality: third-party partners pose a significant risk to enterprise security, yet investments in mitigating these risks are woefully inadequate,” said Bill Brenner, Senior Vice President of Content Strategy at CyberRisk Alliance. “Our research shows that organizations need to prioritize gaining a clear understanding of their data exposure landscape and implement robust oversight mechanisms. Without these proactive measures, they remain susceptible to potentially devastating breaches."

The findings from this report are a wake-up call for enterprises to take immediate action in fortifying their third-party risk management practices. By addressing the gaps in oversight and making necessary investments, organizations can better protect their data and ensure a more secure IT environment.

For more information and to access the full report, visit https://www.scmagazine.com/whitepaper/third-party-risk-management-strategies-and-challenges.

About AuditBoard

AuditBoard is the leading cloud-based platform transforming audit, risk, ESG, and InfoSec management. Nearly 50% of the Fortune 500 leverage AuditBoard to move their businesses forward with greater clarity and agility.

Learn more at www.auditboard.com.  

About CyberRisk Alliance

CyberRisk Alliance provides business intelligence that helps the cybersecurity ecosystem connect, share knowledge, accelerate careers, and make smarter and faster decisions. Through our trusted information brands, network of experts, and innovative events we provide cybersecurity professionals with actionable insights and act as a powerful extension of cybersecurity marketing teams. Our brands include SC Media, the Official Cybersecurity Summits, TECHEXPO Top Secret, Security Weekly, InfoSec World, Identiverse, Cybersecurity Collaboration Forum, Cybersecurity Collaborative, ChannelE2E, MSSP Alert, and LaunchTech Communications.  

Learn more at www.cyberriskalliance.com.  
