93 percent of businesses experience breaches caused by third-party vendors

A new study reveals that 97 percent of firms surveyed have been negatively impacted by a cybersecurity breach that occurred in their supply chain and 93 percent have suffered a direct cybersecurity breach.

The third-party cyber risk survey form BlueVoyant also shows the average number of breaches experienced in the last 12 months grew from 2.7 in 2020 to 3.7 in 2021 -- a 37 percent year-on-year increase.

The increasing level of breaches has led to a change in attitude, with just 13 percent of companies saying that third-party cyber risk is not a priority, compared to last year when 31 percent of said that supply chain and third-party cyber risk was not on their radar. 91 percent say that their budget for third-party cyber risk management is increasing in 2021 too.

Worryingly though, 38 percent of respondents say that they have no way of knowing when or if an issue arises with a third-party supplier's cybersecurity, compared to 31 percent last year.

Adam Bixler, global head of third-party cyber risk management at BlueVoyant, says, "Even though we are seeing rising awareness around the issue, breaches and the resulting negative impact are still staggeringly high, while the prevalence of continuous monitoring remains concerningly low. Third-party cyber risk can only become a strategic priority through clear and frequent briefings to the senior executive team and the board."

The healthcare sector shows the highest rate of third-party cyber risk awareness with 55 percent saying identifying risk is a key priority, compared to an average of 42 percent. However, this sector also reports high breach figures, with 29 percent reporting six to 10 breaches in the last 12 months, compared to a 19 percent average.

Manufacturing businesses are least likely to identify supply chain/third-party cybersecurity risk as a key priority and are most likely to be reporting on an annual basis only.

"Our research shows that there are large concentrations of unknown third-party cyber risk across vertical sectors, supply chains and vendors worldwide, and organizations are regularly experiencing vendor-originated breaches," Bixler adds. "While budgets are rising, the critical question is where funds should be directed to make a tangible impact to reduce third-party cyber risk, helping to close the gaps in visibility, strategy, and monitoring."

The full report is available from the BlueVoyant site.

Image Credit: frank_peters/ Shutterstock