Despite increased investments in third-party cybersecurity risk management over the past two years, 45% of organisations experienced third party-related business interruptions, according to a new survey by Gartner.
The survey was conducted in July and August 2023 among 376 senior executives involved in third-party cybersecurity risk management across organisations from different industries, geographies and sizes.
Zachary Smith, senior principal of research at Gartner, said: “Third-party cybersecurity risk management is often resource-intensive, overly process-oriented and has little to show for in terms of results. Cybersecurity teams struggle to build resilience against third party-related disruptions and to influence third party-related business decisions.”
Gartner suggests four key actions that security and risk management leaders should take to increase their effectiveness in managing third-party cybersecurity risk. These include: regularly reviewing how effectively third-party risks are communicated to the business owner; tracking third-party contract decisions to manage risk acceptance; conducting third-party incident response planning to prepare and recover well in the event of an incident; and working with critical third parties to mature their security risk management practices as necessary.