Security News > 2021 > April > Cybersecurity only the tip of the iceberg for third-party risk management

Cybersecurity only the tip of the iceberg for third-party risk management
2021-04-21 04:30

More concerning is that 44% of companies report not actively tracking supply chain risks, which were the primary pandemic-related third-party risk management impact.

Because IT and security teams own third-party risk management in 50% of companies, and likely due to increasing numbers of damaging third-party data breaches, the study illustrates that cybersecurity risks are getting the most attention.

More than 50% of respondents indicated the biggest challenge they face in third-party risk management is not having enough pre-contract due diligence to identify potential vendor risks.

55% of organizations saw an increase in third-party risk management ownership by security over the past year, yet only 22% of companies are seeing an increase in ownership by procurement teams, meaning that important ESG, ABAC and vendor financial risks typically required by these teams to properly assess vendors may not getting the attention they require.

"The past year has brought even more attention to the risks associated with third-party vendors and partners, specifically to the supply chain, stated Brenda Ferraro, VP of third-party risk management for Prevalent."

Expand assessments beyond cybersecurity to include reputational and vendor financial information, helping to create a more holistic vendor risk profile.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/zIFcUD14Grw/