In addition, nearly 80% of respondents say they have terminated or would decline a business relationship due to a vendor’s cybersecurity performance. One in 10 organisations has created a job role specifically dedicated to vendor, third-party or supplier risk.
Moreover, only 44% of respondents report on this risk to their executives and boards on a regular basis. This lack of regular reporting could be the reason why nearly one in five respondents think their boards and executives are not confident in, or do not understand, their approaches to third-party risk management (TPRM).
Respondents report that they still rely on tools like annual on-site assessments, questionnaires and facility tours to assess third-party security posture, giving them limited visibility into their third-party cyber risk. Meanwhile, only one quarter (22%) of organisations are currently using a security ratings service to continuously monitor the cybersecurity performance of third parties, though almost one third (30%) say they are currently evaluating security ratings providers.