TMCnet News
Organizations Deprioritize Third-Party Relationships as Potential Breach Sources, CyberGRX Study Reveals

CyberGRX, provider of the world's first and largest global risk exchange, today announced the results of their commissioned study on how organizations prioritize third-party risk. Conducted by Forrester Consulting, the research comprises surveys from 319 respondents in IT, security, and risk roles covering technology, retail, oil and gas, healthcare, financial services, and other highly regulated industries.

The study highlights that while organizations recognize third-party threats expose them to great risk, many organizations fail to take adequate measures to mitigate it. In fact, while they grapple with third-party cyber risk management (TPCRM), the weak points in their current mitigation strategies exacerbate the threat of cyber incidents. The Forrester study, Why Isn't Your Organization Prioritizing Third-Party Risk?, identifies four major themes:
"Organizations that fail to take thoughtful steps to monitor, defend, and prepare for third-party cyber incidents have undermined their entire cybersecurity posture," said Dave Stapleton, CISO of CyberGRX. "As the Forrester study highlights, many organizations recognize the hazards posed by third parties; however, their actions do not reflect effective mitigation. Lacking a defined TPCRM strategy creates the opportunity for a breach, even if internal risk management strategies are otherwise solid and effective."

To improve third-party cyber risk practices, organizations must consider vendors as an extension of their own brand, and set a strict baseline and expectations for their cyber maturity. Companies should leverage data and automation to ensure that their entire supply chain will meet the outlined cyber requirements. Additionally, it is imperative to continuously monitor the changing cyber risk of vendors. As new attack vectors are unleashed, a vendor's security posture can be rapidly altered. Finally, constant communication regarding cyber posture and compliance among all parties involved is critical, and security training for employees and stakeholders should be mandatory.

CyberGRX's Chief Information Security Officer, Dave Stapleton, and guest speaker, Forrester principal analyst Renee Murphy, will present key findings and recommendations from the research during a webinar on Tuesday, October 12 at 2:00 pm EDT. To learn more:
Register for the webinar
About CyberGRX

CyberGRX is on a mission to modernize third-party cyber risk management. Built on the market's first and largest third-party cyber risk exchange, CyberGRX's dynamic and scalable approach is innovating TPCRM for enterprises and third parties. Armed with fast and accurate data and a proven and innovative approach, CyberGRX customers make rapid, informed decisions and confidently engage with partners. Based in Denver, CO, CyberGRX was designed with partners including Aetna, Blackstone and MassMutual.
View source version on businesswire.com: https://www.businesswire.com/news/home/20210922005130/en/