7 Revealing Third-Party Risk Statistics Every CISO Should Know

By Elad Shapira | Nov 08, 2018 | 3 min read

Plenty of companies work with third-party suppliers, but not everyone fully comprehends how doing so significantly impacts a company’s cyber risk.

As we are inundated with news reports about massive third-party data breaches, it’s important to understand why they keep happening, and why third-party security management is so crucial to businesses. Here are seven eye-opening facts to be aware of:

1. The severity of data breaches is increasing.

While we have yet to find out the total number of breaches in 2018, we already know that the number of records compromised during the first half of this year increased by 133 percent over the same period in 2017. Gemalto reports figures that are absolutely staggering: during the first six months of this year, more than 25 million records were compromised or exposed every day, or 291 records every second.

2. The cost of data breaches is increasing for smaller businesses.

Even though the absolute cost of data breaches is lower for SMBs compared to large companies, the rate of increase is significantly higher, and is quickly reaching an unbearable percentage of revenues. According to Kaspersky, the average enterprise pays $1.23 million per incident, up 24% from 2017. Meanwhile, SMBs spend about $120K per incident, amounting to an increase of 36% from last year.

3. Attacks involving compromised third parties are prolific.

A recent report by Carbon Black indicates that island hopping, a technique that uses third-party providers as a path into the actual target, was used in half of all incidents it investigated in 2017.

4. Most security professionals think they’ve been breached through third parties.

You read that right: They think they’ve been breached, but they’re not always completely sure. According to Bomgar, 66% of security professionals think that it’s possible or definite that they suffered a breach through third-party access. 

5. The number of third parties that access IT systems is increasing.

In the past year, three-quarters of organizations have increased the number of vendors accessing IT systems (Bomgar). As a result, keeping track of the information shared with third parties and monitoring their security posture is virtually impossible using existing tools, such as manual data collection and reviews. The consequence is that organizations are becoming more susceptible to third-party breaches. 

6. Third parties have widespread access to company data.  

In small to medium enterprises with 200–499 employees, over a quarter have the same number of third-party vendors logging into their network in a typical week as they have employees (Bomgar). In large enterprises of 5,000+ employees, around one in eight don’t know how many vendors are logging into their network in a typical week. 

7. Most businesses don’t require third parties to comply with their privacy policies.

This finding comes from a 2018 report from PwC, and it might explain at least part of the problem: A shocking number of organizations are not doing all that should be done to prevent third-party data breaches.

Want to learn how Panorays can help you reduce your third-party cyber risk? Contact us for more information. 

Elad Shapira

Elad Shapira is Head of Research at Panorays. As a cybersecurity lecturer and self-described geek, he likes hardware hacking, low level development, playing Capture the Flag and making and breaking things.
