
Report: 54% of organizations breached through third parties within the last 12 months


Cyberattacks via an organization's vendors or suppliers are greatly underreported. According to new research from Ponemon Institute and Mastercard's RiskRecon, only 34% of organizations are confident their suppliers would notify them of a breach of their sensitive information.

Organizations rely on their third-party vendors to supply such important services as payroll, software development or data processing. However, without strong security controls in place, vendors, suppliers, contractors or business partners can put organizations at an increased risk of a third-party data breach.

Unfortunately, new research by Ponemon Institute and Mastercard's RiskRecon provides evidence that third-party data breaches could be underreported, as only 34% of organizations are confident their vendors would notify them of a data breach involving their sensitive information.


This can help explain why weak third-party security controls continue to be a chink in the armor for enterprises, as 59% of respondents confirm that their organizations have experienced a data breach caused by one of their third parties, with 54% occurring in the previous 12 months.



The problem extends downstream as well, as 38% of organizations say the breach was caused by one of their Nth parties, indicating flaws in the security controls that third parties have in place for their own vendors and partners. Consequently, only 21% of organizations are confident that their Nth party would notify them of a breach.

While there are many key guidelines organizations should follow to mitigate third-party cyber-risk, the research shows more work must be done. These include creating and maintaining a list of third parties and periodically evaluating their security and privacy controls. Unfortunately, the study found that only 36% of organizations do this when entering a relationship, while only 43% regularly review those controls.

The principal reasons organizations aren’t following such guidelines are insufficient accountability and involvement by boards of directors. Surprisingly, only 18% of organizations report that the CISO is accountable, while 35% report that third-party cyber-risk isn’t a board-level priority.

The RiskRecon 2022 Data Risk in the Third-Party Ecosystem study is based on a survey of 1,162 IT and IT security professionals in the United States and Western Europe, conducted by the Ponemon Institute from May 2 to June 30, 2022.

Read the full report from RiskRecon and Ponemon Institute.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact.
