A new study says that the supply chain is a magnet for cyber breaches.
And 93% of respondents admitted that they have suffered a direct cybersecurity breach because of weaknesses in their supply chain.
"Breaches … are still staggeringly high," said Adam Bixler, global head of third-party cyber risk management at BlueVoyant, in a blog post.
"Focused attackers are continually scanning businesses for open vulnerabilities … and business trust relationships means that if a supplier is affected, it could affect an ‘upstream’ connection," Bixler told FOX Business.
This is happening despite greater awareness of the risks and rising cybersecurity budgets to deal with them. But the complexity of the people, processes, and technologies needed to build a comprehensive defense against attacks means that money isn’t always spent effectively, Bixler said.
Additional findings include:
- Third-party supplier disconnect: 38% of respondents said that they had no way of knowing when or if an issue arises with a third-party supplier’s cybersecurity, up from 31% last year.
- Third-party cyberattack risk being taken more seriously: Only 13% of companies said that third-party cyber risk was not a priority, compared to 31% last year.
- Budgets up: 91% say that the budget for third-party cyber risk management is increasing in 2021.
The study was conducted by the independent research organization Opinion Matters and recorded the experiences of 1,200 IT executives in organizations with more than 1,000 employees across a range of industries in the U.S. and other countries.
This follows a study in September from CyberGRX, based on research done by Forrester Consulting, highlighting third-party risk.
That study also said that organizations recognize third-party threats but fail to take adequate measures to mitigate them.
"Today’s organizations constantly exchange confidential information with third parties," Forrester said.
"This exposes both sides to significant cyber risk" including data loss and ransomware, Forrester said, adding that 95% of respondents said their organizations experienced a challenge in managing third-party risk.
And as enterprises turn more to cloud and software-as-a-service (SaaS), the percentage of data shared with third parties is expected to ramp up over the next five years.
Organizations that have experienced an incident also tend to share a higher percentage of their critical data (30%) than firms that haven’t been hit (22%), Forrester said. And firms that have experienced an incident are less likely to have tools in place to mitigate third-party cyber risks.