Panorays Study Finds 94% of CISOs Are Concerned About Third-party Cyber Threats, Yet Only 3% Have Implemented Security Measures

January 25, 2024


PRESS RELEASE

NEW YORK (January 25, 2024) – Panorays, a leading provider of third-party security risk management software, has conducted its 2024 CISO Survey of 200 CISOs to determine their sentiments around third-party security management, AI-driven solutions, and challenges they are facing this year. The study found that while 94% of CISOs are concerned with third-party cybersecurity threats – including 17% who view it as a top priority – only 3% have already implemented a third-party cyber risk management solution at their organizations and 33% plan to implement one this year. In 2024, 65% of CISOs expect the third-party cyber risk management budget to increase. Of those respondents, 40% said it would increase from 1-10% this year. 

“CISOs understand the threat of third-party cybersecurity vulnerabilities, but a gap exists between this awareness and implementing proactive measures,” said Matan Or-El, Founder and CEO at Panorays. “Empowering CISOs to swiftly fortify defenses by analyzing and addressing gaps is crucial in navigating the current cyber landscape. After all, with the speed of AI development, bad actors will continue to leverage this technology for data breaches, operational disruptions, and more.”

The State of Third-party Security Management

CISOs at very large enterprises (73%) are more concerned about third-party cybersecurity threats compared to mid-size enterprises (47%). Only 7% of CISOs said they were not concerned at all. Of the respondents, 34% are currently implementing a third-party cyber risk management solution and 26% plan to implement a new solution in 2025 or later. Four percent of CISOs said it was not a priority and 3% had never even heard of a third-party cyber risk management solution. While CISOs see the value of implementation, widespread adoption of third-party security solutions is low.

In 54% of organizations, the team that managed third-party risk included IT, risk, operations or privacy teams; 36% said their security was managed by back-office teams (legal, finance and procurement), and 10% outsourced to external service providers. Of the respondents, 79% had teams of 6 to 20 people, and 5% had more than 20 people responsible for third-party cyber risk management in their organization.

Implementing AI Solutions

CISOs remain confident that AI solutions can improve third-party security management. Of the respondents, 80% said AI-driven solutions can prevent a significant number of breaches. When it comes to reducing third-party threats, CISOs use a combination of tools to gain effectiveness. Out of different security options, CISOs rated cyber questionnaires for third parties (73%), compliance management tools (70%), and API monitoring of third parties in the supply chain (68%) as the most effective tools.

CISOs also believe that AI solutions are instrumental to safeguarding organizations. The respondents highlighted the effectiveness of AI-driven solutions in enhancing third-party security programs, with key priorities including:

  • 23% focusing on improving supply chain discovery by mapping all 3rd, 4th, and Nth parties

  • 21% aiming to enhance asset discovery of third parties, reducing false positives and false negatives

  • 17% prioritizing the automatic mapping and classification of third parties based on business criticality

  • 17% streamlining cybersecurity processes by automatically completing questionnaires

  • 15% aiming to increase assessment accuracy through AI-based validation

  • 8% focusing on predicting third-party breaches

Prioritizing Third-party Security Management this Year

The top challenge CISOs see in 2024 when it comes to third-party risk management is complying with new regulations for third-party risk management (20%). Other challenges included:

  • Communicating the business influence of third-party risk management: 19%

  • Not enough resources to manage risk in the growing supply chain: 18%

  • AI-based third-party breaches increasing: 17%

  • No visibility to Shadow IT usage in their company: 16%

  • Prioritizing the risk assessment efforts based on risk criticality: 10%

When it comes to choosing the right third-party cyber risk management solution, CISOs expect a solution that has diverse capabilities in order to gain the most effectiveness. In the study, 44% of CISOs said risk quantification (quantifying third-party cyber risk exposure in dollar values) is a very important capability. Receiving suggested remediation actions for gaps or emerging threats (40%), threat intelligence (39%) and integration with other systems (38%) also emerged as important to CISOs in choosing the right third-party cyber risk management solution.

“In 2024, confronting regulatory changes and escalating third-party cyber risks is paramount,” continued Or-El. “Despite resource constraints and rising AI-related breaches, increased budget allocation towards cyber risk management is a positive step in the right direction.”

To learn more about Panorays, please visit: https://panorays.com/.

About the Study

The 2024 CISO Survey includes a sample of 200 CISOs in the U.S. Thirty-five percent of the respondents were from medium-large enterprises (2,000-4,999 employees), 35% were from large enterprises (5,000-9,999 employees), 15% were from very large enterprises (10,000-14,999 employees) and 15% were from mid-size enterprises (1,000-1,999 employees). The sample included CISOs from the financial services, technology, insurance, travel and hospitality, health and pharma, transport and logistics, telecom, agriculture and mining, food and beverage, nonprofit, energy and utilities, and education.

About Panorays

Panorays is a rapidly growing provider of third-party security risk management software, offered as a SaaS-based platform. The company serves enterprise and mid-market customers primarily in North America, the UK and the EU, and has been adopted by leading banking, insurance, financial services and healthcare organizations, among others. Headquartered in New York and Israel, with offices around the world, Panorays is funded by numerous international investors, including Aleph VC, Oak HC/FT, Greenfield Partners, BlueRed Partners (Singapore), StepStone Group, Moneta VC, Imperva Co-Founder Amichai Shulman and former CEO of Palo Alto Networks Lane Bess. Visit us at www.panorays.com.
