Ongoing Third-Party Vendor Security Risks are Monitored by 13% of Businesses


A recent study found that just 13% of firms routinely assess the security threats posed by their third parties. This points to a gap in current risk management practices, particularly for vital vendors.

Panorays, a cybersecurity company, recently published a report titled ‘Navigating Third-Party Security Risks in 2023: Mid-Year Insights and Trends.’ The report explores the escalating danger of cyberattacks in today’s interconnected digital supply chain, a pressing issue for businesses around the globe.

Data for the report, gathered from February to April 2023, were contributed by 100 IT security executives. The group included individuals in high-ranking roles: 30% in CxO positions, 17% VPs, 22% directors, 20% in senior management, and 11% working as security analysts, architects, or engineers.

The diverse industry perspectives offer a comprehensive understanding of the challenges and strategies involved in managing third-party risk.

Main findings of the report include:

  • 84% of organizations give precedence to managing third-party security risk, reflecting a heightened awareness of the potential hazards associated with third-party collaborations.
  • Only 13% of organizations continuously monitor third-party security threats, underlining a deficiency in present risk management approaches, specifically for crucial vendors.
  • For 44% of businesses, onboarding a new third party can take more than three weeks, highlighting the complexity of handling third-party relationships, especially when numerous third parties are involved.
  • 52% of participants consider manual data gathering and communication with vendors burdensome, implying a need for more automated and efficient processes.
  • 43% of companies have a limited understanding of fourth-party vendor security threats, indicating a need for improved visibility throughout the entire supply chain.