STUDY: Despite 84% of Businesses Claiming to Prioritize Third-Party Risk Management, More Than 40% Of Companies Have Insufficient Visibility Over Their Digital Supply Chain
New report shows only 13% of businesses continuously monitor the security risks of their third parties and critical vendors
Panorays, a leading provider of third-party security risk solutions, today released a comprehensive mid-year report titled “Navigating Third-Party Security Risks in 2023: Mid-Year Insights and Trends”. The report delves into the increasing risks of cyberattacks in today’s digital supply chain, a growing concern for businesses worldwide.
The report’s findings, collected between February and April 2023, draw on responses from 100 IT security executives, including senior decision-makers: 30% hold CxO titles, 17% are VPs, 22% are directors, 20% are senior managers, and 11% are security analysts, architects, or engineers.
These perspectives from across industries provide a broad understanding of the challenges and strategies in third-party risk management, a crucial focus for businesses seeking to bolster their digital ecosystems against escalating threats. Some key findings from the report include:
- 84% of organizations prioritize third-party security risk management, indicating a growing awareness of the potential threats posed by third-party relationships.
- Only 13% of organizations continuously monitor the security risks of their third parties, highlighting a significant gap in current risk management practices, especially when considering critical vendors.
- 44% take three weeks or more to onboard a new third party, highlighting the complexity of managing third-party relationships – especially when companies have hundreds or thousands of third parties.
- 52% find manual data collection and vendor communication cumbersome, suggesting the need for more automated, streamlined processes.
- 43% have an insufficient view of 4th party vendor security risks, revealing a need for enhanced visibility across the entire supply chain.
The report underscores that in the face of an increasingly complex regulatory environment, organizations are grappling with managing a multitude of third-party relationships, with 58% of companies managing over 100 vendors. Despite these challenges, the crucial nature of third-party risks necessitates proactive management, especially given the high stakes associated with data breaches, which average $4.35 million in costs, according to a recent IBM and Ponemon report.
“Organizations are managing a substantial number of third-party relationships, and it’s clear that third-party security risk management needs to be a priority for businesses in all sectors,” said Matan Or-El, CEO and Co-Founder of Panorays. “However, our report indicates that many companies are not fully utilizing effective strategies for continuous risk monitoring and visibility across the digital supply chain.”
“Companies must prioritize third-party security risk management and maintain constant vigilance in understanding the identity and significance of their third-party partners,” added Demi Ben-Ari, CTO of Panorays. “Our report highlights the need for strategic refinement and ongoing adaptation in third-party risk management methodologies.”