If your organization is like most, then it works with third-party suppliers. Yet not everyone fully comprehends the cyber risk that comes along with doing so, and how serious the problem has become in 2020.
A combination of supply chain complexity, increased cloud storage, new data privacy regulations, remote work and rising cyberattacks has created the perfect storm for third-party cyber risk, and the numbers bear this out.
Still need to be convinced about why third-party security management is so crucial to businesses? Here are 6 recent revealing facts to consider:
According to a recent Gartner report, the median organization contracts with 5,000 third parties. In addition, 72% of compliance leaders expect that number to increase by 2022.
The ramifications of these numbers are consequential because working with third parties increases an organization’s attack surface, which leaves it more vulnerable to cyberattacks through third parties. Bottom line? The more third parties you work with, the greater the cyber risk.
Cyberattacks have increased significantly in the wake of coronavirus. According to Zscaler, in March alone, there was a 30,000% increase in COVID-19 related attacks and malware.
Many of these attacks exploited the “new normal” of businesses working from home, with far less security in place than at the office. In fact, 51% of companies experienced more phishing attacks due to employees working remotely (Barracuda).
Small supply chain partners have been particularly vulnerable to such attacks, because they often lack the necessary security know-how and human resources.
According to a recent Gartner report, the majority of data breaches and cyberattacks exploit third-party cyber gaps. The report found that in 2019, 44% of companies experienced a significant data breach through a third-party vendor. (Source: “Procurement on the Front Lines: New Trends in Data Privacy and Cybersecurity Risks,” May 26, 2020.)
Similarly, Deloitte reported that 83% of organizations experienced a third-party incident in the past three years, with 11% causing a severe impact on customer service, financial position, reputation or regulatory compliance.
These statistics illustrate why it’s so important to have a comprehensive third-party security management process in place that pinpoints cyber gaps and helps close them.
You might think that financial institutions are, by definition, the most secure and hence the least likely to suffer a cyberattack. However, according to Carbon Black, 33% of surveyed financial institutions said they’ve encountered island hopping, an attack where supply chains and partners are commandeered to target the primary financial institution.
This is only one example. Organizations of all sizes and from all industries are susceptible to third-party cyberattacks.
Your organization has a lot to lose from a data breach—and it’s not just customer trust. According to the aforementioned Gartner report, having a third party involved in cyber incidents has the effect of making them both more expensive and more frequent. In fact, the report concluded that a data breach is $700,000 more expensive when a third party is involved.
One Gartner report recently pointed out that the last 12 months have seen more changes in privacy than the entire century before them. With regulations like GDPR, CCPA, the New York Shield Act and many more, organizations are struggling to keep up and to make sure that their third parties comply as well.
These regulations are being enforced, and the penalties can be substantial. According to Help Net Security, 340 GDPR fines have been issued totaling over £150 million since May 2018—and that’s just one regulation.
Clearly, it’s important to have a thorough and scalable third-party security management program in place like Panorays, which considers the entire lifecycle of vendor management.
To address the issues above, Panorays provides the following:
Want to learn more about how Panorays can reduce your third-party cyber risk? Schedule a demo today.