Sep 23, 2020 SOURCE: PR NewsWire

BlueVoyant Research Reveals That 92% of US Organizations Have Experienced a Breach Because of Weaknesses in Their Supply Chain

NEW YORK, Sept. 23, 2020 /PRNewswire/ -- BlueVoyant, a global, expert-driven cybersecurity services company, today released the US findings of its global study into third-party cyber risk management. The study reveals that 92% of US organizations surveyed had experienced a cybersecurity breach that originated from vulnerabilities in their vendor ecosystem in the past 12 months. The average respondent's organization had been breached in this way 3.1 times, which was the highest out of all the countries surveyed. The research also found organizations are experiencing multiple pain points across their cyber risk management program as they aim to mitigate risk across a network that typically encompasses over 1400 vendors.

The study was conducted by independent research organization Opinion Matters and recorded the views and experiences of 1505 CIOs, CISOs and Chief Procurement Officers in organizations with more than 1000 employees across a range of vertical sectors. It covered five countries: USA, UK, Mexico, Switzerland and Singapore.

Other key US findings include:

    --  33% say they have no way of knowing if cyber risk emerges in a
        third-party vendor, this was the second highest out of all five
        countries surveyed.
    --  Just under one third (31%) monitor their entire supply chain, which
        means that 69% do not have full visibility. However, this was higher
        than the global average across all respondents which was 23%.
    --  Additionally, US respondents are monitoring and reporting more
        frequently than most other countries surveyed, 35% report monthly and 9%
        report weekly, while 27% only re-assess and report their vendor's cyber
        risk position either six-monthly or less frequently.
    --  The average headcount in internal and external cyber risk management
        teams is 10.7.
    --  86% say that budget for third-party cyber risk management is increasing,
        by an average figure of 45%. This was the second highest budget increase
        out of the five countries surveyed.

Commenting on the research findings, Jim Penrose, Chief Operating Officer for BlueVoyant, said: "There are signs that US respondents are responding to the severity of the situation, but there is still a concerning lack of visibility into third-party suppliers. This is evident in the number of breaches that US respondents are reporting. The research clearly indicated the reasons behind this high breach frequency with visibility being a major problem and one third admitting that they have no way of knowing if a risk arises in a third-party vendor."

Multiple pain points exist in third-party cyber risk programs as budgets rise in response

Further insight into the difficulties that are leading to breaches was revealed when respondents were asked to identify the top three pain points related to their third-party cyber risk programs in the past 12 months. The most common problems were:

    --  Working with suppliers to improve their security performance;
    --  Prioritizing which risks are urgent and which are not;
    --  Offboarding suppliers with the rigor we onboarded them.

However, overall responses were almost equally spread across thirteen different areas of concern. In response to these issues, budgets for third-party cyber risk programs are set to rise in the coming year. 86% of survey respondents said they expect to see budgets increase, by 45% on average.

Jim Penrose continues: "The fact that cyber risk management professionals are reporting difficulties across the board shows the complexity they face in trying to improve performance. It is encouraging that budget is being committed to tackling the problem but currently the treatment is not proportional to the scale of the risk faced. As the research shows, US organizations are experiencing frequent breaches as a result. There is recognition that more investment is needed - budgets are rising. In fact, along with the UK, the US is committing the most money to tackling the issue. However, the critical question US organizations should be asking is where funds should be directed to make a tangible impact to reduce third-party cyber risk?"

Mix of tools and tactics in play

The survey investigated the tools organizations have in place to implement third-party cyber risk management and found a mix of approaches with no single approach dominating. Many US organizations are evolving towards a data-driven strategy, with supplier risk data and analytics in use by nearly half (43%) of respondents. However static, point-in-time tactics such as on-site audits and supplier questionnaires remain common.

Split over third-party cyber risk ownership

Over half (54%) of US organizations think the CISO owns cyber risk while 27% say it belongs to the CIO and 10% say Chief Procurement Officers are responsible. This division over who ultimately owns cyber risk is causing issues around allocation of budget, resources and ultimately an organization's ability to remediate issues when they arise.

Jim Penrose concludes: "Overall the research findings indicate a situation where the large scale of vendor ecosystems and the fast-changing threat environment is defeating attempts to effectively manage third-party cyber risk in a meaningful way. It is critical for US organizations to decide who owns third-party cyber risk. Until this question is answered, it is impossible to adopt a coherent and effective strategy and make meaningful progress to manage it. Third-party cyber risk must be taken out of operational silos and integrated fully with the organisation's overall risk management strategy with clearly defined lines of responsibility, reporting, and budget ownership."

The full US BlueVoyant research report: "Global Insights: Supply Chain Cyber Risk - Managing Cyber Risk Across the Extended Vendor Ecosystem" is available here.

About BlueVoyant

BlueVoyant is an expert-driven cybersecurity services company whose mission is to proactively defend organisations of all sizes against today's constant, sophisticated attackers and advanced threats. Led by CEO Jim Rosenthal, BlueVoyant's highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200 and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry leading analytics and technologies.

Founded in 2017 by Fortune 500 executives and former Government cyber officials and headquartered in New York City, BlueVoyant has offices in Maryland, Tel Aviv, San Francisco, London and Latin America.

Press Contact Details
Danielle Ostrovsky
C8 Consulting (USA)
T: +1-410-302-9459
E: danielle@c8consulting.co.uk

View original content:http://www.prnewswire.com/news-releases/bluevoyant-research-reveals-that-92-of-us-organizations-have-experienced-a-breach-because-of-weaknesses-in-their-supply-chain-301136078.html

SOURCE BlueVoyant

BLUEVOYANT

Related News

BlueVoyant Announces Strategic Partnership with Argos Risk®

BlueVoyant Joins the Microsoft Intelligent Security Association

BlueVoyant Launches CRx to Reduce Cyber Risk in Business Ecosystems

BlueVoyant Acquires Managed Sentinel To Create End-to-End Services Portfolio For Microsoft Security Technologies

BlueVoyant Partners with Foreside Financial Group to Deliver Tailored Cybersecurity Services

BlueVoyant Strengthened with the Appointments of Influential Leaders to its Board of Directors and Advisory Board

BlueVoyant Global Head of Partnerships and Alliances Recognized as 2021 CRN® Channel Chief

BlueVoyant Report Reveals Ransomware is the Number One Cyber Threat facing Higher Education

View all News

Latest Procurements

Digital Mapping Provider for Smartraveller

DFAT has a requirement to engage a supplier to maintain, update and deliver country and regional maps for the Smartraveller website, within predefined delivery timeframes.

Vanuatu Australia Police and Justice Program 3 (VAPJP3)

Vanuatu Australia Policing and Justice Program

ATM 23/3415 Ice Core Storage and Transport for the Million Year Ice Core Project

Provision of Ice Core Storage and Transport Services to the Australian Antarctic Division for the Million Year Ice Core Project

View all Procurementsp

Agenda

October

United KingdomCopthorne Tara Hotel, London, UK

International Dismounted Soldier, 29-30 October 2024, Copthorne Tara Hotel, London, UK

Navigating the Evolving Battlespace: Enhancing the Capabilities of the Dismounted Soldier The modern battlefield...

September

United KingdomHilton London Syon Park, London, UK

Defence Transformation Conference, 24-26 September 2024, Hilton London Syon Park, London, UK

Returning for its 8th year, Defence Transformation 2024 will feature an updated format that will address all aspects of...

June

FranceParc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024, 17 - 21 June 2024, Parc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024 There can be no sustainable world without peace and security. Founded in 1967, the exhibition...

View All Events

Companies

Al Essa Group of Companies

Parmley Technologies Ltd

Stark Aerospace, Inc.

View All Companies