Over 80 percent of organizations affected by supply chain cyber breaches

A new report from cyber defense company BlueVoyant finds that 81 percent of organizations report they were negatively impacted by a cybersecurity breach within their supply chain over the past twelve months.

Although there has been a promising 17 percentage point year-on year increase (from 19 percent to 36 percent) in respondents reporting they working with third parties at every step to resolve issues, the process remains challenging.

"More organizations than any previous year indicated that their primary focus is no longer on awareness of the third-party risk management problem or adoption of a program, but rather with the operational, day-to-day challenges of managing an effective program," says Joel Molinoff, global head of supply chain defense at BlueVoyant. "While this progress also brings many new challenges, it indicates a major step in the right direction when contrasted with previous years where many organizations had poor tracking of third-party vendors, little to no leadership oversight, and virtually no collaboration when it came to remediating cyber issues."

Of the six sectors evaluated in the survey, healthcare and pharmaceutical companies report the highest rate (87 percent) of being negatively impacted by a breach in their third-party ecosystem over the last twelve months. More than a third of healthcare organizations (36 percent) report having no means to detect threats in third parties, also the highest rate across industries.

Worryingly only 32 percent of third-party vendors are reported to be regularly monitored (1,459 suppliers out of a total of 4,510 on average in this survey). At the same time, 50 percent of organizations say they do not periodically assess all their vendors because of challenges related to resources, technology, and expertise.

"Organizations are making progress in more frequent monitoring of third parties, though challenges in reporting metrics to senior management persist," says Brendan Conlon, global director of supply chain defense at BlueVoyant. "As information security as an industry continues to mature, there will be more focus on the tighter integration of multiple aspects of security operations. This means that third-party cyber risk will inevitably be folded into day-to-day SOC operations and wider risk management programs."

The full report is available from the BlueVoyant site.

Image credit: Chan2545/depositphotos.com