This week, Prevalent published an infographic developed by analyst firm EMA focused on vendor threat management.
The infographic starts with a simple question: ‘Do We Need Vendor Threat Management?’ It shows a senior executive asking a team member whether his organization is prepared to take on third-party risk. The team member answers that they are not, but neither are 92% of other organizations. EMA’s finding that most companies are not prepared for third-party risk management is indicative of overall cyber risk preparedness, given the trends in outsourcing, the use of the cloud, and managed services.
The next scene is set in the board room, with the same executive asking whether the company is monitoring vendors who have access to business resources. These vendors include IT firms, accounting firms, law firms, insurance firms, and others. The team in the room starts to identify key statistics about the state of third-party risk management to help the executive understand where things stand. Some of the highlights include:
- 63% of breaches were tied to third-party IT providers.
- 38% of organizations prioritize security investments based on risk or impact to overall business strategy.
- 64% of organizations do not conduct regular security audits.
The third scene has the executive discussing how other organizations have been impacted by third-party breaches, as well as whether this was a must for the business. In addition to covering the risks identified in the board room and detailing some recent breaches, the executive also identifies other reasons for vendor threat management:
- Compliance with regulations like OCC, PCI, and HIPAA
- Maintaining vendor and client relationships
- Maintaining industry reputation
- Reducing financial risk
The goal of this infographic is to highlight the risk, business, and readiness issues most organizations are facing. It does not discuss a solution, but we know that the old ways of inconsistent, non-standardized questionnaires, managed manually without technical monitoring and threat intelligence, are never going to give companies the visibility and risk management they need to combat the growing threat.
It is clear that a model that ties threat intelligence monitoring insights to automated assessments using standardized content like the Shared Assessments SIG, together with continuous threat monitoring, is necessary to give organizations of all sizes the insight they need to reduce third-party risks. Prevalent is the first purpose-built, unified platform for third-party threat management to offer these capabilities for enterprises of all sizes.