Report: 54% of organizations breached through a third party in the last 12 months


Cyberattacks that come through an organization's vendors or suppliers are heavily underreported. According to new research from Ponemon Institute and Mastercard RiskRecon, only 34% of organizations believe their suppliers will notify them of a breach of their sensitive information.

Organizations depend on their third-party vendors to provide critical services such as payroll, software development, or data processing. However, without tight security controls, vendors, suppliers, contractors or business partners can put the organization at risk of a third-party data breach.

Unfortunately, new research by the Ponemon Institute and Mastercard’s RiskRecon provides evidence that third-party data breaches can be underreported, as only 34% of organizations believe their suppliers will inform them about a data breach involving their sensitive information.


This helps explain why weak third-party security controls continue to be a problem for businesses, as 59% of respondents confirm that their organization has experienced a data breach incident caused by one of their third parties, with 54% having occurred in the past 12 months.



This problem extends downstream as well, as 38% of organizations say the breach was caused by one of their “Nth parties”, indicating that the vulnerabilities exposed in third-party security controls apply to suppliers and their partners as well. As a result, only 21% of organizations trust their Nth party to notify them of a breach.

There are several best practices that organizations should follow to mitigate third-party cyber risks; however, research shows more work needs to be done. These include creating and maintaining a directory of all third parties and regularly evaluating their security and privacy controls. Unfortunately, research shows that only 36% of organizations do so when entering a relationship, while only 43% regularly review such controls.

The main reasons that organizations do not follow such best practices are lack of accountability and involvement by the board of directors. Surprisingly, only 18% of organizations reported that CISOs were held accountable, while 35% reported that third-party cyber risk was not a board-level priority.

The RiskRecon 2022 Data Risks in Third Party Ecosystems study is based on a survey of 1,162 IT and IT security professionals in North America and Western Europe, conducted by Ponemon Institute from May 2 to June 30, 2022.

Read the full report from RiskRecon and the Ponemon Institute.
