CyberRisk Alliance’s latest Cybersecurity Buyer’s Intelligence Report (CBIR), sponsored by AuditBoard and titled “From Trust to Security: Third-Party Risk Management Strategies and Challenges,” reveals the growing importance of third-party risk management in enterprise IT environments. The research synthesizes experiences of security practitioners who participated in a CyberRisk Alliance survey, giving a look into how others are navigating the third-party risk landscape and strengthening their cybersecurity posture.
Key findings from the report include:
- Lack of Clear and Cohesive Insight: Surveyed organizations struggle to maintain a clear inventory of third-party partners, with many dealing with hundreds of external entities. This fragmentation complicates efforts to enforce cohesive security policies.
- Third-Party Breach Risks: Most data breach incidents originate from third-party sources, such as partners and service providers. Inadequate control over data handling by these partners remains a significant vulnerability.
- Challenges in Verification and Trust: Regular assessments of third-party security practices are lacking. Nearly half of the surveyed organizations do not conduct in-depth risk assessments, and confidence in the security measures of fourth-party subcontractors is particularly low.
- Underinvestment in Third-Party Security: Despite high concern among security professionals about third-party data security, only 13% of organizations make significant investments in this area, with over 40% allocating minimal to no budget.
As echoed by those surveyed in the CBIR report, effective third-party risk management is critical for securing evolving IT operations. Without insight into how their data is accessed and handled by third-party partners, organizations remain vulnerable to significant security risks.
“Our findings reveal a stark reality: third-party partners pose a significant risk to enterprise security, yet investments in mitigating these risks are woefully inadequate,” said Bill Brenner, Senior Vice President of Content Strategy at CyberRisk Alliance. “Our research shows that organizations need to prioritize gaining a clear understanding of their data exposure landscape and implement robust oversight mechanisms. Without these proactive measures, they remain susceptible to potentially devastating breaches.”
The findings from this report are a wake-up call for enterprises to take immediate action in fortifying their third-party risk management practices. By addressing the gaps in oversight and making necessary investments, organizations can better protect their data and ensure a more secure IT environment.