7 Revealing Third-Party Risk Statistics Every CISO Should Know

Plenty of companies work with third-party suppliers, but not everyone fully comprehends how doing so significantly impacts a company’s cyber risk.

As we are inundated with news reports about massive third-party data breaches, it’s important to understand why they keep happening, and why third-party security management is so crucial to businesses. Here are seven eye-opening facts to be aware of:

1. The severity of data breaches is increasing.

While we have yet to find out the total number of breaches in 2018, we already know that the number of records compromised during the first half of this year increased by 133 percent over the same time in 2017.  Gemalto reports figures that are absolutely staggering: During the first six months of this year, more than 25 million records were compromised or exposed every day, or 291 records every second.

2. The cost of data breaches is increasing for smaller businesses.

Even though the absolute cost of data breaches is lower for SMBs compared to large companies, the rate of increase is significantly higher, and is quickly reaching an unbearable percentage of revenues. According to Kaspersky, the average enterprise pays $1.23 million per incident, up 24% from 2017. Meanwhile, SMBs spend about $120K per incident, amounting to an increase of 36% from last year.

3. Attacks involving compromised third parties are prolific.

A recent report by Carbon Black indicates that island hopping, a technique using third-party providers to find a path into the actual target, was used in half of all incidents they’ve investigated in 2017. 

4. Most security professionals think they’ve been breached through third parties.

You read that right: They think they’ve been breached, but they’re not always completely sure. According to Bomgar, 66% of security professionals think that it’s possible or definite that they suffered a breach through third-party access. 

5. The number of third parties that access IT systems is increasing.

In the past year, three-quarters of organizations have increased the number of vendors accessing IT systems (Bomgar). As a result, keeping track of the information shared with third parties and monitoring their security posture is virtually impossible using existing tools, such as manual data collection and reviews. The consequence is that organizations are becoming more susceptible to third-party breaches. 

6. Third parties have widespread access to company data.  

In small to medium enterprises with 200–499 employees, over a quarter have the same number of third-party vendors logging into their network in a typical week as they have employees (Bomgar). In large enterprises of 5,000+ employees, around one in eight don’t know how many vendors are logging into their network in a typical week. 

7. Most businesses don’t require third parties to comply with their privacy policies.

This fact is according to a 2018 report from PwC, and it might explain at least part of the problem: A shocking number of organizations are not doing all that should be done to prevent third-party data breaches. 

Want to learn how Panorays can help you reduce your third-party cyber risk? Contact us for more information.