The Ponemon Institute surveyed more than 1,000 CISOs and other security and risk professionals across the US and UK to understand the challenges companies face in protecting sensitive and confidential information shared with third-party vendors and partners. According to the findings, 59 percent of companies said they have experienced a data breach caused by one of their vendors or third parties. In the U.S., that percentage is even higher at 61 percent — up 5 percent over last year’s study and a 12 percent increase since 2016.
Javvad Malik, Security Advocate at AlienVault:
The use of third parties has risen over the past few years. Not only has it become easier and cost-effective to outsource certain business functions and apps to third parties, newer companies that are ‘born in the cloud’ often have minimal assets or functions in-house, with the majority of functions and infrastructure outsourced to third parties. With this larger reliance, it is a given that the number of breaches at third parties will increase.
Companies should be proactive in researching the companies with whom they wish to conduct business. They should gain assurance that the third party understands security risks and has the right controls in place to protect information, as well as being able to detect and having a response plan in place.
Companies should also plan for worst-case scenarios and have contingency plans where they can switch to an alternative provider, or bring processing in-house – as well as requiring the third party to take out cybersecurity insurance that could compensate for loss of business.