A study released this morning by SecurityScorecard and The Cyentia Institute details organizations' reliance on third- and fourth-party vendors in the supply chain, and the security risks those vendors may create.
Exposure to third-party risk.
A study from SecurityScorecard and The Cyentia Institute, titled “Close Encounters of the Third (and Fourth) Party Kind,” released today, describes cyber risks associated with third- and fourth-party providers.
Balancing security and convenience.
According to the researchers, 98% of organizations are connected with at least one third-party vendor that has a recent history of a breach, which the researchers define as one occurring within the last 2 years. One finding is particularly jarring: the researchers found that half of the organizations surveyed have “indirect relationships with at least 200 breached fourth-party vendors in the last two years.” Third-party vendors were also found to be five times more likely to have poor security than a primary organization. The information services sector was found to use 2.5 times as many third-party vendors as the overall average: 25 vendors on average, against a general average of 10.
Increased regulatory and security scrutiny of outsourced vendors.
The use of external vendors can make it harder for companies to meet the regulatory requirements of each country in which they are involved. Though 59% of organizations have vendors from five or fewer countries, approximately 14% of those surveyed worked with providers across 10+ countries.