Today’s enterprises operate in a complex digital ecosystem that connects customers, vendors, and partners and through which data is shared and transactions are processed. Because much of this is done through outsourcing of systems and services to third parties, many enterprises have dramatically increased the scale and complexity of their risk surface.
While companies are reliant on third and fourth parties to do business and often benefit from using such external services, these relationships also pose a risk to the enterprise’s sensitive data. Enterprises rely on these third parties to fulfill essential services and often expect them to secure the enterprise’s data in the process. Unfortunately, this does not always happen.
According to a survey by RiskRecon, a Mastercard company, and the Cyentia Institute, third-party risk practitioners said that 31% of their vendors could cause a critical impact to their organization if breached, while 25% claimed that half of their entire network could trigger severe impacts.
Recent catastrophic cybersecurity incidents like the SolarWinds case demonstrate that cyber risk can come from supply chain layers beyond the company’s immediate third parties. These multi-party cyber breaches create a ripple effect and threaten to have a far greater impact than those affecting single companies.
Click below to read our full-featured article in Risk Management Magazine.