Study finds that third parties are the cyber risk that is increasing the most
- Published: Thursday, 18 October 2018 09:00
Third parties are the fastest growing of the many significant cyber risks, finds a new global study from ESI ThoughtLab and WSJ Pro Cybersecurity, in partnership with Opus. The study, ‘The Cybersecurity Imperative’, benchmarks the cyber security practices and performance of over 1,300 organizations around the world.
As part of the study, respondents were asked to identify the leading internal and external risks to their organization, as well as to assess their own cyber security maturity. The study found that data sharing with suppliers represented the most significant risk to an organization’s IT infrastructure: 57 percent of all respondents highlighted data sharing with third parties as their greatest vulnerability. Because of their integrated supply chains, energy companies and utilities (66 percent), consumer markets firms (60 percent) and manufacturers (58 percent) are the most susceptible.
Attacks on and through third-party partners, customers and vendors represent the fastest growing threats across the cyber risk landscape, as the use of supplier ecosystems and embedded systems continues to grow. Attacks on partners and vendors are expected to grow by 284 percent, and attacks through partners and vendors by 247 percent, over the next two years. In comparison, the implementation of information security practices for third parties is expected to grow just 106 percent over the same period – suggesting that the threat looms much larger than the planned efforts to contain it.
“As firms advance through digital transformation, they rely to an increasing degree on technology vendors and partners, exposing their organizations to ever-expanding third-party cyber risks,” Dov Goldman, VP, Innovation and Alliances at Opus, said. “Companies must support digital innovation with the tools and business practices to manage rising information security and privacy risks, especially those from third parties.”
Other significant findings from The Cybersecurity Imperative include:
- People remain the largest risk to an organization. Nearly all firms (87 percent) see untrained general staff as the biggest cyber risk to their business.
- Digital transformation is creating significant risks for an organization. The areas of greatest impact are: new technologies, such as AI and IoT (56 percent), cloud-based and open platforms (55 percent), and increasing interconnectivity and mobile use (38 percent).
- When assessed across the NIST cyber security framework, just under half of companies (49 percent) are in the intermediate stage of cyber security maturity, while 31 percent are beginners and only 20 percent are leaders.
- Digital maturity often goes hand-in-hand with cyber security maturity. Born-digital platform companies are more likely to be leaders (30 percent) and have the highest cyber security maturity score, whereas 68 percent of digital beginners are also cyber security beginners.
- Perceptions of cyber security change as a company’s approach matures: 19 percent of beginners see cyber security as a reputational risk, in contrast to 41 percent of leaders. 23 percent of leaders saw cyber security as an area of competitive advantage compared to 6 percent of beginners.
- The US ranked highest overall in cyber maturity and volume of companies with advanced cyber security programs. Rounding out the top five are South Korea, Japan, France and Australia.