Study finds that third parties are the cyber risk that is increasing the most

Published: Thursday, 18 October 2018 09:00

Third parties are the fastest growing of the many significant cyber risks, finds a new global study from ESI ThoughtLab and WSJ Pro Cybersecurity, in partnership with Opus. The study, ‘The Cybersecurity Imperative’, benchmarks the cyber security practices and performance of over 1,300 organizations around the world.

As part of the study, respondents were asked to identify the leading internal and external risks to their organization, as well as to assess their own cyber security maturity. The study found that data sharing with suppliers represented the most significant risk to an organization’s IT infrastructure: 57 percent of all respondents highlighted data sharing with third parties as their greatest vulnerability. Because of their integrated supply chains, energy companies and utilities (66 percent), consumer markets firms (60 percent) and manufacturers (58 percent) are the most susceptible.

Attacks on and through third party partners, customers and vendors represent the fastest growing threats across the cyber risk landscape, as the use of supplier ecosystems and embedded systems continues to grow. Attacks on partners and vendors are expected to grow 284 percent and through partners and vendors by 247 percent over the next two years. In comparison, the implementation of information security practices for third parties are expected to grow just 106 percent over the same period – suggesting that the threat looms much larger than the planned efforts to contain it.

“As firms advance through digital transformation, they rely to an increasing degree on technology vendors and partners, exposing their organizations to ever-expanding third-party cyber risks,” Dov Goldman, VP, Innovation and Alliances at Opus, said. “Companies must support digital innovation with the tools and business practices to manage rising information security and privacy risks, especially those from third parties.”

Other significant findings from The Cybersecurity Imperative include: