A new survey of 617 individuals with a risk management role in their organization conducted by the Ponemon Institute and sponsored by Shared Assessments was released today, with key findings focused on this very issue. Third-party risk is clearly a major concern, and it’s only increasing with the growth in disruptive technologies such as IoT, cloud, etc.
Among the study’s notable findings:
- Researchers found that in the past 12 months, organizations spent an average of $10 million to respond to a security incident as a result of negligent or malicious third parties.
- However,only 8 percent of respondents say improvement of their organizations’ relationship with business partners is a top risk management objective.
- And only 31 percent of respondents have metrics to measure the effectiveness of risk management activities.
So the risk associated with third parties is growing, but the C-Suite and Board level are not prioritizing this issue and don’t have a path to measure an effective risk management program.