Please note that this is a page from a previous version of Continuity Central and is no longer being updated.


New study reveals that the top business concerns about supply chain relationships are cyber attacks and data loss

BitSight Technologies has released the results of a commissioned study, conducted by Forrester Consulting on behalf of BitSight, which reveals third-party security as a top business concern for enterprises. The findings suggest a significant appetite for monitoring third-party security but a steep disconnect in resources available to adequately and objectively manage this.

The study, ‘Continuous Third-Party Security Monitoring Powers Business Objectives and Vendor Accountability,’ is based on surveys of IT security and risk-management decision makers in the US, UK, France and Germany.

Forrester found that when it comes to tracking third-party risk, critical data loss or exposure (63 percent) and the threat of cyber attacks (62 percent) ranked as the top concerns, above standard business issues, including whether the supplier could deliver the quality and timely service as contracted (55 percent). Despite the desire for more robust insight into third-party security practices, only 37 percent of survey respondents reported tracking any of these metrics on a monthly basis.

The research further reveals that a vast majority of IT decision makers believe that continuous third-party monitoring would bring a major improvement to their security effectiveness in key areas, such as event identification time (76 percent), event remediation time (72 percent) and response times to high-profile events (71 percent).

“Across the nine types of third-party information we surveyed IT security decision-makers on, an average of 59% indicated a desire to track and monitor. Yet across those same nine information types, an average of only 22% were tracking with monthly or greater frequency”, according to Forrester Consulting. “Enterprises overwhelmingly anticipate major or moderate improvement to many metrics around third-party evaluation, such as the ability to compare security postures, screen vendors based on risk, and evaluate infrastructure configurations. Additionally, enterprises anticipate reductions in times required for security event identification and remediation times and responses to high-profile events.”

“The supply chain has become a cyber security minefield for companies, as we’ve seen with breaches caused by third-party vendors at Target, Neiman Marcus, Goodwill, Home Depot and many more,” said Stephen Boyer, CTO and co-founder of BitSight Technologies. “Continuous, data-driven monitoring of third-party security vulnerabilities and threats has become essential for effective vendor risk management.”

Other key findings:

  • Forrester estimates that enterprises allocated 21 percent of their overall IT budget to third parties.
  • 63 percent of respondents believe continuous third-party monitoring would improve their ability to screen vendors based on risk.
  • 79 percent of respondents reported that ensuring business partners and third parties comply with their security requirements is a top IT security priority over the next 12 months.
  • 82 percent of respondents said that ensuring regulatory compliance is a ‘critical’ or ‘high’ priority, but only 29 percent were fully compliant, on average, across eighteen regulations or best practice guidelines.


• Date: 10th March 2015 • Various • Type: Article • Topic: Operational risk
