Traditional vulnerability assessment falls short on third-party risks


As organizations increasingly rely on third-party vendors, open-source components, and cloud services to bolster efficiency and scalability, they also open themselves to risks.
Historically they've relied on CVSS scores to measure the severity of risks, but a new report from Black Kite suggests that this method alone is not enough.
Third-party risk is biggest cybersecurity blind spot


Third-party risk has emerged as a dominant driver of cyber insurance claims and material losses in 2024, according to new data from leading cyber risk solutions company Resilience.
Cyber insurance claims data shows that third-party risk, including ransomware and outages affecting vendors, accounted for 31 percent of all claims in 2024. Even more startling, third-party risk led to claims with incurred losses for the first time ever, making up nearly a quarter (23 percent) of incurred claims in 2024 (compared to none in 2023).
97 percent of banks hit by third-party data breaches


New analysis released by SecurityScorecard reveals that 97 percent of the top 100 US banks have experienced a third-party data breach in the past year.
As banks increasingly rely on third-party vendors for core functions, their exposure to supply chain vulnerabilities increases. Using the largest proprietary risk and threat intelligence dataset, SecurityScorecard's experts analyzed how third-party breaches impact the banking sector.
Third-party JavaScript tags put security at risk


While businesses understand that third-party JavaScript tags collect information, only 13 percent are confident they understand what information they collect and only 26 percent are aware that tags can leak their private user data to other organizations.
A new report from the Jscrambler platform for client-side protection, with research conducted by Dimensional Research, shows 97 percent of respondents say they know that third-party tags collect sensitive or private information regularly.
Vanta launches new tools to fight third-party risk


Trust management platform Vanta is launching new tools to help businesses understand their risk posture, particularly with regard to third-parties.
Report Center provides a real-time view into the state of a business' security and compliance program. It can automatically collect and visualize data across the entire security program, including risk management, vendors, compliance, personnel and trust.
The rise of third-party browser script attacks [Q&A]


Third-party browser scripts are the code snippets that organizations put into their websites to run ads, analytics, chatbots, etc -- essentially anything that isn't coded by the organization itself.
Which sounds innocuous enough, but these scripts are increasingly being used as a vector for cyberattacks. We spoke to Simon Wijckmans, CEO of c/side, to understand how these attacks operate and what can be done to defend against them.
Why it's worth returning to Black Hat


I may not care for Las Vegas in the heat of August, yet I would come back as everything I need to learn and everyone I need to see face to face is at Black Hat.
Concentrated in one week, I meet customers, learn from their feedback, understand how they view the market, the security industry, what we are doing right and what we should change. With so much to talk about and so much to learn, you often leave the conference feeling like you have only just touched the surface. That being said, this year's discussions provided insights into the most critical sectors for the cybersecurity industry to remain resilient and continue to be ever evolving. If there are three things that were talked about, these are the most important to take away and bring back to your boardroom.
Third-party data breaches rise almost 50 percent


A new study from Prevalent shows third-party breaches have risen 49 percent year-on-year, increasing threefold since 2021.
The survey of IT professionals conducted in February and March this year shows 61 percent of companies experienced a third-party data breach or cybersecurity incident last year.
Third-party breaches create network weak spots


A new report from Black Kite shows how third-party data breaches create critical weak spots in extended networks, potentially leaving businesses open to cyber attacks, which can have a negative ripple effect across the organization and its stakeholders.
The report is based on analysis of 81 vendor breaches impacting 251 companies in 2023. Unauthorized network access was the leading cause of breaches, accounting for over half (53 percent) of third-party breach incidents. This represents a 26 percent increase from 2022, with ransomware being the most common method of compromise.
Third-party behaviors increase risk to organizations


A new Third-Party Risk Report from secure enterprise browser tech company Talon Cyber Security focuses on the ways in which third-party workers increase security risks and leave organizations vulnerable to data breaches.
Talon surveyed 258 third-party workers, including contractors and freelancers, and finds 89 percent work from personal, unmanaged devices, which organizations lack visibility into and therefore cannot enforce the enterprise’s security posture on.
Choose your partners carefully to protect your security


Choosing a partner business with a poor security posture makes an organization 360 times more likely to be at risk compared to choosing a top security performer, according to a new study.
The risk surface research from Cyentia Institute and RiskRecon shows that single demographic factors, such as industry, size and region, aren't enough to assess the risk posed by third parties.
Organizations not equipped to handle increasing third-party risks


A new study into third-party risk management shows that 45 percent of organizations experienced a third-party security incident in the last year.
But the report from Prevalent also reveals that eight percent of companies don't have a third-party incident response program in place, while 23 percent take a passive approach to third-party incident response.
Enterprises poorly protected against third-party risks


A new report from compliance and risk management firm Kiteworks shows 51 percent of organizations are inadequately protected against third-party security and compliance risks related to sensitive content communications.
It also reveals that most organizations share sensitive content with a long list of third-party entities. Two-thirds do so with more than 1,000 third parties, while one-third have over 2,500.
© 1998-2025 BetaNews, Inc. All Rights Reserved.