The latest enterprise risk management news from around the world

BitSight has released the results of a commissioned study conducted by Forrester Consulting entitled ‘Take Control of Vendor Risk Management Through Continuous Monitoring’. The findings indicate that current methods for managing third-party risk are inefficient, and that companies must adopt continuous monitoring of their vendors’ security and risk issues in order to understand those vendors’ cybersecurity posture and the overall risk they pose to the business.

The study surveyed 251 IT, risk, compliance and security decision makers in North America and Europe. Participants included managers, directors, vice presidents and C-level executives from organizations ranging from 1,000 to over 20,000 employees.

Key findings:

  • Assessing a vendor takes weeks to months. It typically takes between two weeks and two months to adequately assess a vendor’s cybersecurity posture; 88 percent of organizations needed more than two weeks to assess vendors’ cybersecurity using manual methods, leaving many organizations exposed to security control and performance gaps in the meantime.
  • Outside vendor analytics are important. 87 percent of firms said a mixture of in-house analytics and analytics from an outside vendor is very to extremely important when assessing third-party cyber risk.
  • Firms recognize the value of continuous monitoring. 83 percent of firms said more frequent or continuous monitoring of their vendors’ cybersecurity posture would be very to extremely valuable.
  • Continuous monitoring is more than an annual survey. 49 percent of firms believe a key benefit of better third-party cyber risk management is improved vendor communication.
  • Firms are making the connection between continuous monitoring and improved security. 51 percent of firms believe a key benefit of third-party cyber risk management is improved collaboration with vendors to remediate security issues.


