If your organization works with third-party vendors, the risks that they carry can have a big impact on your business. Here are some statistics about vendor risk that, while they are constantly changing and evolving, will get you thinking about why it’s important to know who your third parties are and understand their risks.
54% of respondents said their organizations have been conducting third-party risk assessments for less than 5 years.
Only 10% of respondents are extremely confident in their third-party risk management programs. Source: Prevalent Survey
Only 39% are assessing more than three-fourths of those top-tier vendors—despite 66% saying they should be. Source: Prevalent Survey
According to a recent survey conducted jointly by CW and Aravo, 18 percent of respondents indicated their companies work with more than 1,000 third parties, and another 16 percent said they work with more than 10,000 third parties.… Source: Prevalent Survey
74 percent of companies do not know all the third parties that handle their data and personally identifiable information (PII). Source: Compliance Week
Vendors are accessing your network more than you think. On average, 89 vendors are accessing a company’s network every week. Source: Optiv
Vendors on average have to touch 4.6 devices, such as VPN, firewalls, directories and more. Source: Bomgar survey
A full 87 percent of survey respondents admitted they had faced a disruptive incident with third parties in the last two to three years, with 28 percent reporting they had suffered a major disruption and 11 percent experiencing a… Source: Soha Systems
In a 2019 survey of the top threats companies are worried about, "third-party misuses or shares our confidential data" came in first, with 64% of respondents worried about it. Source: Deloitte
70% of organizations believe they are underinvested in third-party risk management. Source: Ponemon
Companies spend much more time managing vendor risk by focusing internally than externally. Internal controls testing drives the approach to such assurance in the vast majority of cases—80.5%. Source: Compliance Week
The indirect and direct costs of third-party risk management for the healthcare industry average $23.7 billion annually. Source: Deloitte
For breaches in 2019, if a third party caused the data breach, the cost increased by more than $370,000, for an adjusted average total cost of $4.29 million. Source: Ponemon
63% of all cyber attacks could be traced either directly or indirectly to third parties. Source: IBM
Assuming a capacity of 40 hours per week, we estimated 512 hours per month or 6,163 hours per year dedicated to third-party risk management. Source: Soha Systems
Source: Ponemon
Learn more about how you can properly identify and manage vendor risk with FRSecure, or download an easy tool to help you kickstart the vendor risk management process on your own.