Technology Report: 54% of organizations have infringed through third parties...

Report: 54% of organizations have infringed through third parties in the past 12 months


- Advertisment -

Couldn’t attend Transform 2022? Check out all the top sessions in our on-demand library now! Look here.

Cyber ​​attacks via suppliers or suppliers of an organization are reported far too little. According to new research from Ponemon Institute and Mastercards RiskRecon, only 34% of organizations are confident their suppliers would notify them of a breach of their sensitive information.

Organizations depend on their third-party suppliers to provide key services such as payroll, software development or data processing. However, without strong security controls, vendors, suppliers, contractors, or business partners can put organizations at risk of a third-party data breach.

Unfortunately, new research by Ponemon Institute and Mastercard’s RiskRecon provides evidence that third-party data breaches may be underreported, as only 34% of organizations trust their suppliers would notify them of a data breach involving their sensitive information.

Image source: RiskRecon

This helps explain why weak third-party security controls are still a hitch for enterprises, as 59% of respondents confirm that their organization has experienced a data breach caused by one of their third parties, with 54% in the past took place 12 months.


MetaBeat 2022

MetaBeat will bring together thought leaders to offer advice on how metaverse technology will change the way all industries communicate and do business October 4 in San Francisco, CA.

Register here

The problem extends downstream as well, as 38% of organizations say the breach was caused by one of their “Nth parties,” pointing to the flaws in the third-party security controls in place for their suppliers and partners. As a result, only 21% of organizations are confident that their Nth party would notify them of a breach.

There are several key best practices that organizations should follow to mitigate third-party cyber risks, but the research shows that there is still more work to be done. These include creating and maintaining an inventory of all third parties and regularly reviewing their security and privacy controls. Unfortunately, the survey found that only 36% of organizations do this when entering a relationship, while only 43% regularly review these checks.

The main reasons organizations fail to follow such best practices are a lack of board accountability and involvement. Surprisingly, only 18% of organizations report that the CISO is responsible, while 35% report that third-party cyber risks are not a board-level priority.

The RiskRecon 2022 Data Risk in the Third-Party Ecosystem study is based on a survey of 1,162 IT and IT security professionals in North America and Western Europe conducted by the Ponemon Institute from May 2 – June 30, 2022.

Read the full report from RiskRecon and Ponemon Institute.

The mission of VentureBeat is a digital city square for tech decision makers to gain knowledge about transformative business technology and transactions. Discover our briefings.

Shreya Christina
Shreya has been with for 3 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider team, Shreya seeks to understand an audience before creating memorable, persuasive copy.


Please enter your comment!
Please enter your name here

Latest news

Who is YouTuber Jeremy Jahns? Net worth, girlfriend, Wiki

Jeremy Jahn's Wiki Bio Jeremy Jahns was born in Seattle, Washington State, USA, on May 8, 1981 – his zodiac...

5 strategies to make ESG VC more successful

As is the case with the implementation of many principled goals, especially from the financial community, there seem to...

Storytelling: A CISO’s Superpower Against Cybersecurity Indifference

Couldn't attend Transform 2022? Check out all the top sessions in our on-demand library now! Look here....

3 steps to make sure you tell a brand story that sells

Opinions expressed by contributors are their own. Your brand is more than just your product or service. It's...
- Advertisement -

The Ava Remote is a sign of what could be the perfect smart home controller

Last week I visited the world of the professionally installed smart home. This is the promised land. ...

Google opens applications for circular economy accelerator •

Google is launching a new, online-only startup accelerator centered around the elusive circular economy. The effort is the...

Must read

- Advertisement -

You might also likeRELATED
Recommended to you