80 percent of organizations have experienced a third-party breach

No Comments

Data breach

Organizations are suffering from a lack of visibility into their supply chain and 8 percent experienced a breach that originated from vulnerabilities in their vendor ecosystem in the past year.

A new report from cybersecurity services company BlueVoyant, based on research carried out by Opinion Matters, shows that only 22.5 percent of organizations monitor their entire supply chain and just 32 percent re-assess and report their vendor’s cyber risk position either six-monthly or annually.

"That four in five organizations have experienced recent cybersecurity breaches originating in their vendor ecosystem is of huge concern," says Jim Penrose, COO of BlueVoyant. "The research clearly indicated the reasons behind this high breach frequency: only 23 percent are monitoring all suppliers, meaning 77 percent have limited visibility and almost one-third only re-assess their vendors’ cyber risk position six-monthly or annually. That means in the intervening period they are effectively flying blind to risks that could emerge at any moment in the prevailing cyber threat environment."

The top three problems with managing third-party risk are cited as, managing the volume of alerts generated, working with suppliers to improve security performance and prioritizing which risks are urgent and which are not.

The business services sector is suffering the highest rate of breaches, with 89 percent saying they have been breached via a weakness in a third-party in the past 12 months. The average number of incidents experienced in the past 12 months was also highest in this sector, at 3.6. This is undoubtedly partly down to the fact that firms in the sector reported working with 2572 vendors, on average. In contrast, only 57 percent of respondents from the manufacturing sector say they had suffered third-party cyber breaches in the past 12 months.

Penrose adds, "This underlines that there is no one-size-fits-all solution to managing third-party cyber risk. Different industries have different needs and are at varying stages of maturity in their cyber risk management programs. This must be factored into attempts to improve performance so that investment is directed where it has the greatest impact."

The full report is available from the BlueVoyant site.

Image credit: Den Rise / Shutterstock

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

TEAMGROUP unveils MP44Q M.2 PCIe 4.0 SSD

Cyberwarfare incidents reported by almost half of UK firms

Ransomware, meet DRaaS: The future of disaster mitigation

Get 'Modern DevOps Practices -- Second Edition' (worth $39.99) for FREE

Number of ransomware victims up 20 percent in first quarter of 2024

Low-code tools boost developer productivity

Cisco warns of serious CLI command injection vulnerability in its Integrated Management Controller

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

60 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

17 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

16 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

16 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

EndeavourOS ARM discontinued: A huge loss for the Linux community

9 Comments

Install the KB5035942 update for Windows 11 to gain all of the Moment 5 features right now

8 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.