Third-party data breaches rise almost 50 percent

A new study from Prevalent shows third-party Breaches have risen 49 percent year-on-year, increasing threefold since 2021.

The survey of IT professionals conducted in February and March this year shows 61 percent of companies experienced a third-party data breach or cybersecurity incident last year.

"What stands out in our report isn't only the number of breaches, which is the highest we’ve tracked, but also the scale," says Prevalent CEO Kevin Hickey. "Breaches in 2023 impacted huge supply chains -- from Okta and LastPass to Change Healthcare and PJ&A -- exposing sensitive records of millions of people worldwide. There has never been a more urgent time to take third-party security more seriously."

The report finds that companies are relying on multiple tools leading to a lack of coordination, leaving their supply chains unguarded. Only a third of respondents say their third-party security programs are highly coordinated.

"Although most organizations report having TPRM programs in place, half still rely on spreadsheets and use a patchwork of tools to assess their vendors," says Prevalent COO Brad Hibbert, adding that 60 percent of respondents are not using a dedicated TPRM platform.

While the survey respondents' average number of third parties is 3,200, they report assessing or monitoring only 33 percent of those vendors. More than 62 percent of respondents report understaffing as the biggest obstacle to better safeguarding their organizations from third-party breaches. The average respondent says they need double their current staff dedicated to third-party security.

While nearly 90 percent of companies track risks from the sourcing and selection phases, fewer than 80 percent track service-level agreements (SLAs) and offboarding risks later in the relationship lifecycle.

The full report is available from the Prevalent site.

Image credit: Weerapat Wattanapichayakul/dreamstime.com