Monitoring third-party security is a major concern for enterprises
The results show that when it comes to tracking third-party risk, critical data loss or exposure (63 percent) and the threat of cyber attacks (62 percent) rank as the top concerns. These come above standard business issues, including whether the supplier could deliver the quality of service they were contracted for.
It also shows that the majority of IT decision makers believe that continuous third-party monitoring would bring a major improvement to their security effectiveness in key areas. These include event identification time (76 percent), event remediation time (72 percent) and response times to high-profile events (71 percent).
However, whilst it's a major concern, the findings also suggest that many businesses lack the resources to actively monitor and manage third parties. Only 37 percent of survey respondents reported tracking third-party security metrics on a monthly basis. This is despite the fact that 63 percent of respondents believe continuous third-party monitoring would improve their ability to screen vendors based on risk.
The landscape is changing, though, with 79 percent of respondents reporting that ensuring business partners and third parties comply with their security requirements is a top IT security priority over the next 12 months.
"The supply chain has become a cyber security minefield for companies, as we've seen with breaches caused by third-party vendors at Target, Neiman Marcus, Goodwill, Home Depot and many more," says Stephen Boyer, CTO and co-founder of BitSight Technologies. "Continuous, data-driven monitoring of third-party security vulnerabilities and threats has become essential for effective vendor risk management."
The full report is available to download from the BitSight website.