Salt Lake City, Utah, April 30, 2019 — Today the Cyentia Institute published the “Internet Risk Surface Report,” a comprehensive study sponsored by RiskRecon detailing the magnitude and complexity of the risk surface that enterprises must manage to achieve good operational and information risk outcomes. The report exposes the true extent of enterprise computing, reaching into the vast array of third-party cloud and hosting providers. The study also lays bare the quality of enterprise cybersecurity risk management across a wide set of industries and geographies.
Key findings include:
- International supply chain risk management
  - Thirty-two percent of organizations host their data in foreign countries.
  - East Asian and Eastern European countries have a nearly 400% higher rate of severe security vulnerabilities than North America and Western Europe.
- Reliance on the cloud
  - Eighty-four percent of organizations host critical or sensitive assets with third parties.
  - A typical firm has 22 internet-facing hosts, but some maintain over 100,000.
  - Sixty-five percent of hosts sit on infrastructure owned by an external entity.
  - Twenty-seven percent of firms host assets with at least 10 external providers.
  - Overall, organizations are three times as likely to have high-value assets with severe findings off-premise vs. on-premise.
- Risk surface by industry
  - Every industry has different commerce characteristics, but there are risk commonalities in most groups.
  - The finance industry has the lowest rate of severe vulnerabilities at 3.2%.
  - Public admin and education sectors have a 60% higher rate of critical vulnerabilities than finance.
To download the full Internet Risk Surface Report, visit: info.riskrecon.com/risksurface
About Cyentia Institute
Cyentia Institute is a Virginia-based cybersecurity research services firm. We deliver high-integrity, high-quality, data-driven research that provides security companies with meaningful marketing content to build mindshare, drive sales, and attain greater visibility in competitive markets. In doing so, we seek to advance cybersecurity knowledge and practice for the community at large. In addition, we curate and publish a library of cybersecurity research and reporting which serves as a vital reference for security decision makers and practitioners worldwide.
RiskRecon is the only continuous vendor monitoring solution that delivers risk-prioritized action plans custom-tuned to match your risk priorities, providing the world’s easiest path to understanding and acting on third-party cyber risk. Partner with RiskRecon to build your scalable, third-party risk management program to realize dramatically better risk outcomes. To learn more about RiskRecon’s approach, request a demo or visit the website at www.riskrecon.com.