Over one third (38%) of IT professionals say they are very concerned about the security risks third-party providers present to their organisation, according to the latest Twitter poll run by Infosecurity Europe, Europe’s number one information security event. More than a quarter (27.7%) admit they have no processes in place to control data and information flow between suppliers, with 20.1% simply having no idea whether any such measures have been implemented.
In addition to the IT professionals who are very concerned about third party risk, a further 33.9% feel somewhat concerned, with a confident 28.1% saying they are not at all concerned. While more than half (52.3%) of respondents have a process in place to control data flow between providers, only 35.1% actually enforce this policy.
Infosecurity Europe also asked IT professionals what security prerequisites would be top of the list when preparing to work with a supplier. The number one priority was a full risk assessment (37.9%), followed by cyber insurance (24.3%), proven compliance (21.7%) and national accreditation (16.1%).
Recent research from the Ponemon Institute and SecureLink has found that almost half of all organisations have suffered a data breach via a third party in the past 12 months. The risk is likely to rise as businesses along the supply chain adjust to yet another shift in working models, creating new vulnerabilities. In addition, organisations will increasingly turn to third party providers as they seek to streamline their operations, widening their attack surface.
Click below to share this article