My TechDecisions


Research: Vendors Are Introducing Security Risk Into Customer Environments

SecurityScorecard found that 98% of organizations have at least one third-party vendor that has been breached in the last two years.

February 6, 2023 Zachary Comeau


While organizations are facing threats from malicious actors and nation-state groups, they should also be concerned with the security risks that their vendors and service providers are introducing into their environment, according to new research from cybersecurity ratings company SecurityScorecard.

The New York-based company’s research with cybersecurity research firm Cyentia Institute found that 98% of organizations have vendor relationships with at least one third party that has experienced a security breach in the last two years.

The study analyzed data from over 235,000 organizations across the globe and more than 73,000 vendors and products used directly by those organizations, and found that the more third parties organizations engage with, the more risk is introduced.

According to the study, Close Encounters of the Third (and Fourth) Party Kind, 50% of organizations have indirect relationships with at least 200 fourth-party vendors that have been breached in the last two years.

For every third-party vendor in their supply chain, organizations typically have indirect relationships with 60 to 90 times that number of fourth-party relationships, the research found. Additionally, third-party vendors are five times more likely to exhibit poor security compared to the original organization.

SecurityScorecard also found that about 10% of third-party vendors receive an F rating among organizations that earn an A rating for their own security posture.

According to the research, the information services sector has the highest average number of third-party relationships at 25, more than twice the number of overall third-party relationships. That could be due to that sector’s reliance on technology, the firm theorizes.

On the flip side, the finance sector averaged the lowest number of third-party relationships at 6.5. In between information services and finance were healthcare and insurance, which averaged 15.5 and 11 vendors, respectively.

SecurityScorecard says organizations should take these steps to address their third- and fourth-party risk:

  • Identify which companies your organization works with and gain visibility into your organization’s vendor ecosystem.
  • Determine the security posture of your organization’s vendors.
  • Collaborate with vendors to improve your organization’s security posture.
  • Monitor your vendors’ cyber risk.

The data demonstrates why managing cyber risk across the digital supply chain is critical as threat actors work to exploit third-party vendors, says Wade Baker, partner and co-founder at The Cyentia Institute.

“Identifying and continuously monitoring all partners and customers within the digital supply chain is key to staying ahead of any potential risk,” Baker says. “By having full visibility into the security posture of their third and fourth parties, organizations can work with their vendors to address any cybersecurity gaps they may have in their infrastructure and, in turn, reduce their own level of cyber risk.”
