IT disaster recovery, cloud computing and information security news

Third parties are the fastest growing of the many significant cyber risks, finds a new global study from ESI ThoughtLab and WSJ Pro Cybersecurity, in partnership with Opus. The study, ‘The Cybersecurity Imperative’, benchmarks the cyber security practices and performance of over 1,300 organizations around the world.

As part of the study, respondents were asked to identify the leading internal and external risks to their organization, as well as to assess their own cyber security maturity. The study found that data sharing with suppliers represented the most significant risk to an organization’s IT infrastructure: 57 percent of all respondents highlighted data sharing with third parties as their greatest vulnerability. Because of their integrated supply chains, energy companies and utilities (66 percent), consumer markets firms (60 percent) and manufacturers (58 percent) are the most susceptible.

Attacks on and through third party partners, customers and vendors represent the fastest growing threats across the cyber risk landscape, as the use of supplier ecosystems and embedded systems continues to grow. Attacks on partners and vendors are expected to grow 284 percent and through partners and vendors by 247 percent over the next two years. In comparison, the implementation of information security practices for third parties are expected to grow just 106 percent over the same period – suggesting that the threat looms much larger than the planned efforts to contain it.

“As firms advance through digital transformation, they rely to an increasing degree on technology vendors and partners, exposing their organizations to ever-expanding third-party cyber risks,” Dov Goldman, VP, Innovation and Alliances at Opus, said. “Companies must support digital innovation with the tools and business practices to manage rising information security and privacy risks, especially those from third parties.”

Other significant findings from The Cybersecurity Imperative include:

  • People remain the largest risk to an organization. Nearly all firms (87 percent) see untrained general staff as the biggest cyber risk to their business.
  •  Digital transformation is creating significant risks for an organization. The areas of greatest impact are: new technologies, such as AI and IoT (56 percent), cloud-based and open platforms (55 percent), increasing interconnectivity and mobile use (38 percent).
  • When assessed across the NIST cyber security framework, just under half of companies (49 percent) are in the intermediate stage of cyber security maturity, while 31 percent are beginners and only 20 percent are leaders.
  • Digital maturity often goes hand-in-hand with cyber security maturity. Born-digital platform companies are more likely to be leaders (30 percent) and have the highest cyber security maturity score. Whereas 68 percent of digital beginners are also cyber security beginners.
  • Perceptions of cyber security change as a company’s approach matures: 19 percent of beginners see cyber security as a reputational risk, in contrast to 41 percent of leaders. 23 percent of leaders saw cyber security an area of competitive advantage compared to 6 percent of beginners.
  • The US ranked highest overall in cyber maturity and volume of companies with advanced cyber security programs. Rounding out the top five include South Korea, Japan, France and Australia.

Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.