informa
Slideshow

Third-Party Cyber-Risk by the Numbers

Recent stats show that the state of third-party cyber-risk and vendor risk management remains largely immature at most organizations.
Vetting Third Parties for Cyber-Risk
Scope of Third-Party Access
Most Orgs Lack Third-Party Visibility
Vendor Risk Management Maturity
Boards Still Aren't Being Updated
Assessment Mess
The Nth Factor
1/7

Make no mistake: Even the most technologically mature organizations are struggling to keep in check the rising force of third-party cyber-risk. Recent high-profile security incidents, such as the Facebook data leak and the ASUS Shadowhammer attack, bring home the fact that third parties can introduce tremendous risk to business operations, data security, and even the technical integrity of products and services.

Data shows that enterprises of all types are still way behind on instituting the governance and technology to wrap their arms around third-party risks, be they in the software supply chain, access governance, or data handling. And, unfortunately, some experts say the industry isn't moving the needle on third-party risk.

"The overall maturity of vendor risk management programs is virtually unchanged in the face of an increasingly challenging external risk and regulatory environment," wrote experts from Protiviti in the company's fifth annual vendor risk management survey.

For this slide show, Dark Reading took a look at data in that report as well as a number of others on third-party cyber-risk to offer insight into the current attitudes around the problem, the scope of access afforded to third parties, and the maturity level of current vendor risk management practices.

 
Next slide
Recommended Reading: