Third-Party Cyber Risk Looms Large for Companies with Outside Service Providers, Part 1

Get the highlights from the recent third-party risk report by CyberRisk Alliance.

In this three-part series, we report on a just-released CyberRisk Alliance survey titled Third Party Risk: A Turbulent Outlook: Findings from a December 2021 Research Study, sponsored by Trava. Here, we reflect on the state of the industry when it comes to third-party cyber risk.

Are you confident in your company’s cyber security? What about that of your vendors, partners, brokers, contractors, distributors, agents, and resellers? Any company with outside service providers and software with privileged access is vulnerable to cyberattack. If your partner organization has network permissions, its risk can become your own. 

Hackers know the best way to get to a big target may be through a smaller one. But how aware of this risk are the companies themselves? To determine where businesses stand when it comes to third-party cyber risk, CyberRisk Alliance surveyed 301 IT and cybersecurity professionals whose organizations worked with third-party partners. Two-thirds of those surveyed worked for organizations of 1,000 employees or fewer. Most (86%) had security teams of 20 or fewer, and 14% had larger security operations centers.

Perhaps it should be no surprise that 95% reported partnerships with IT software, platform, or service providers, “suggesting a growing reliance on technology companies that historically secure code by default, not design, in a rush to market,” according to the survey. In all, 76% of respondents had up to 25 different partners; one in six large or enterprise organizations had more than 50. 

Third Party Risk: A Turbulent Outlook revealed the following findings:

Fortunately, organizations are finding ways to identify and mitigate the risks third parties create. In part two of this series, we examine survey respondents' greatest concerns about third-party cyber risk. In part three, we present the top seven third-party risk management practices employed by organizations surveyed.

Source: CyberRisk Alliance, Third Party Risk: A Turbulent Outlook: Findings from a December 2021 Research Study, January 2022. Download the report.