In the spring of 2020, we surveyed over 150 third-party risk practitioners to gain a better understanding of how organizations are operating their third-party risk management programs, the challenges those programs are facing, and the strategies TPRM programs are utilizing to managed third-party risk.
We hope that you find this study helpful in your work to hold vendors accountable for managing third-party cyber risk well, because you can outsource your systems and services, but you cannot outsource your risk.
Here are some highlights from the report:
- 81% of respondents claimed that 3/4 of their vendors pass their security questionnaires
- In contrast, only 14% of those surveyed trust that third parties security actually matches responses from their questionnaires
- 31% of respondents stated that they have vendors they considered to be a material risk in the event of a data breach
- The typical ratio of vendors to staff reported by TPRM programs is 50(vendors):1(staff)
GO BEYOND SECURITY RATINGS
Protect your digital assets
You rely on your third- and fourth-party vendors to do business, but those vendors also pose risk to your enterprise’s sensitive data. RiskRecon gives you accurate, non-invasive visibility into your vendors’ security postures and then ranks vulnerabilities in order of priority so you know which issues to tackle first.
With our third-party cyber risk assessments, you’ll also be provided with custom-fitted risk action plans so you can immediately start engaging with your vendor for remediation. And if a vendor’s cyber risk degrades or an element falls out of policy, you’ll be notified instantly.
