Third-Party Risk: A Turbulent Outlook

Findings from December 2021 Research Study by the Cyber Risk Alliance

While data breaches are commonplace, occasionally there’s an attack so audacious that its impact reverberates long after the initial jolt. Such was the case with the SolarWinds supply chain breach, in which a nation-state surreptitiously inserted eavesdropping malware into an Oklahoma software maker’s IT performance management solution used by governments and major enterprises.

While IT security teams scrambled to determine and limit their own exposure, the SolarWinds breach had a detrimental downstream impact since the attackers also accessed users’ customer data. Thus, organizations — from small businesses to huge government agencies — were reminded of how vulnerable they are to cyberattacks through service providers and software with privileged access.

This report, based on a study conducted by the Cyber Risk Alliance and sponsored by Trava, reveals insights

  • Based on responses from IT and cybersecurity decision-makers and influencers who stated their organization worked with third-party partners.
  • About how well organizations understand and manage risks associated with third-party partnerships.
  • Forecasting plans to address third-party risk based on our current economic and mid-pandemic climate.