As enterprise leaders and security professionals increasingly recognize the risks and compliance implications that cybersecurity failures pose, the practice of third-party risk management (TPRM) continues to grow. Most large organizations today have a formalized program in place and several staffers dedicated to TPRM. And vendors are getting used to at least some level of scrutiny of their security controls through security questionnaires and other assessment methods.
The security industry has moved beyond the awareness-building stage of addressing third-party risk, but it is also important to keep moving forward. This is why RiskRecon and Cyentia Institute commissioned an in-depth study that explores the current state of third-party risk management programs and practices, based on a survey of 154 active third-party risk management professionals.
According to The State of the Third-Party Risk Management Report, 63% of respondents say managing third-party risk is a growing priority for their organization. The good news is that 79% of organizations have a TPRM program in place, but these programs may not have reached maturity: for most, TPRM programs have only operated for five to six years. While new methods are starting to prevail, 84% reported using questionnaires to assess vendor security risk.
Our full-featured article appears in Risk Management Magazine.