Almost half of firms faced third-party interruptions in past two years

Despite increased investments in third-party cybersecurity risk management over the past two years, 45% of organisations experienced third party-related business interruptions, according to a new survey by Gartner.

The survey was conducted in July and August 2023 among 376 senior executives involved in third-party cybersecurity risk management across organisations from different industries, geographies and sizes.

Zachary Smith, senior principal of research at Gartner, said: “Third-party cybersecurity risk management is often resource-intensive, overly process-oriented and has little to show for in terms of results. Cybersecurity teams struggle to build resilience against third party-related disruptions and to influence third party-related business decisions.”

Gartner suggests four key actions that security and risk management leaders should take to increase their effectiveness in managing third-party cybersecurity risk. These include: regularly reviewing how effectively third-party risks are communicated to the business owner; tracking third-party contract decisions to manage risk acceptance; conducting third-party incident response planning to prepare and recover well in the event of an incident; and working with critical third parties to mature their security risk management practices as necessary.


