Third-party cyber risks are a ‘glaring blind spot’ finds PwC survey

Published: Thursday, 14 October 2021 07:33

A majority of companies don’t have a handle on their third-party cyber risks – risks obscured by the complexity of their business relationships and vendor/supplier networks. This is a key finding of the PwC 2022 Global Digital Trust Insights Survey. The survey of 3,600 CEOs and other C-suite executives around the world found that 60 percent have less than a thorough understanding of the risk of data breaches through third parties, while 20 percent have little or no understanding at all of these risks.

PwC says that these findings are a red flag in an environment where 60 percent of the C-suite respondents anticipate an increase in cyber crime in 2022. They also reflect the challenges that organizations face in building trust in their data: making sure it is accurate, verified and secure, so customers and other stakeholders can trust that their information will be protected.

Notably, 56 percent of respondents say their organizations expect a rise in breaches via their software supply chain, yet only 34 percent have formally assessed their enterprise’s exposure to this risk. Similarly, 58 percent expect a jump in attacks on their cloud services, but only 37 percent profess to have an understanding of cloud risks based on formal assessments.

Asked how their companies are minimizing third-party risks, the most common answers were auditing or verifying their suppliers’ compliance (46 percent), sharing information with third parties or helping them in some other way to improve their cyber stance (42 percent), and addressing cost- or time-related challenges to cyber resilience (40 percent). But a majority have not refined their third-party criteria (58 percent), rewritten contracts (60 percent), or increased the rigor of their due diligence (62 percent) to identify third-party threats.

Other key findings include:
