Prevalent, a provider of third-party risk management services, has reported striking findings about the threat of third-party data breaches. A study conducted by the company, involving feedback from 50 IT professionals between February and March of this year, found a nearly 50% surge in breaches caused by third parties compared to the previous year. These two years alone witnessed over three times the number of incidents compared to 2021, signaling the escalating complexity of cybersecurity.
The report, spearheaded by Prevalent CEO Kevin Hickey, focuses not only on reducing the frequency of breaches but also on their magnitude. It highlights a number of supply chain breaches that have affected prominent organizations such as Okta, LastPass, Change Healthcare, and PJ&A, exposing millions of individuals worldwide to potential harm. Hickey stresses that third parties will inevitably become targets of cyberattacks and urges organizations to prioritize addressing critical cybersecurity issues.
One of the prominent issues revealed in this study is companies' exposure to inadequate security measures at their third-party providers. Despite the widespread adoption of Third-Party Risk Management (TPRM) practices, only a third of executives demonstrate effective coordination in organizational security. Brad Hibbert, the COO of Prevalent, attributes this lack of cohesive and robust collaboration to organizations' heavy reliance on individual tools, which leaves supply chains insufficiently protected against diverse threats.
The study also highlights how resource constraints hinder organizations' efforts to fortify their defenses against third-party breaches. Even with 3,200 third-party relationships established, only 33% of these vendors are currently being monitored or assessed. Many organizations still rely on outdated tools like Excel for vendor analysis, with half of the companies using this ineffective system. Reliance on such inadequate systems severely hampers risk reduction efforts.
The study’s findings carry significant implications, which are underscored by three key recommendations: the implementation of dedicated TPRM platforms, coordinated efforts, and the use of cutting-edge technologies like AI to enhance cybersecurity. The study also emphasizes the urgent need for companies to establish specialized units tasked with overseeing third-party security issues.
In conclusion, this study conducted by Prevalent sheds light on the alarming prevalence of third-party data breaches and the escalating complexity of cybersecurity. It serves as a wake-up call for organizations to prioritize addressing critical cybersecurity issues, fortify their defenses, and establish dedicated units to mitigate the risks associated with third-party breaches.