If your organization works with third-party vendors, the risks that they carry can have a big impact on your business. Here are some statistics about vendor risk that, while they are constantly changing and evolving, will get you thinking about why it’s important to know who your third parties are and understand their risks.
54% of respondents said their organizations have been conducting third-party risk assessments for less than 5 years. Share on XOnly 10% of respondents are extremely confident in their third-party risk management programs. Share on XSource: Prevalent Survey
Only 39% are assessing more than three-fourths of those top-tier vendors—despite 66% saying they should be. Share on XSource: Prevalent Survey
According to a recent survey conducted jointly by CW and Aravo, 18 percent of respondents indicated their companies work with more than 1,000 third parties, and another 16 percent said they work with more than 10,000 third parties.… Share on XSource: Prevalent Survey
74 percent of companies do not know all the third parties that handle their data and personally identifiable information (PII). Share on XSource: Compliance Week
Vendors are accessing your network more than you think. On average, 89 vendors are accessing a company’s network every week. Share on XSource: Optiv
Vendors on average have to touch 4.6 devices, such as VPN, firewalls, directories and more. Share on XSource: Bomgar survey
A full 87 percent of survey respondents admitted they had faced a disruptive incident with third parties in the last two to three years, with 28 percent reporting they had suffered a major disruption and 11 percent experiencing a… Share on XSource: Soha Systems
In a 2019 survey of the top threats companies are worried about, third-party misuses or shares our confidential data came in first with 64% of respondents worried about it. Share on XSource: Deloitte
70% of organizations believe they are underinvested in third-party risk management. Share on XSource: Ponemon
Companies spend much more time managing vendor risk by focusing internally than externally. Internal controls testing drives the approach to such assurance in the vast majority of cases—80.5%. Share on XSource: Compliance Week
The indirect and direct costs of third-party risk management for the healthcare industry averages $23.7 billion annually. Share on XSource: Deloitte
For breaches in 2019, if a third party caused the data breach, the cost increased by more than $370,000, for an adjusted average total cost of $4.29 million. Share on XSource: Ponemon
63% of all cyber attacks could be traced either directly or indirectly to third parties. Share on XSource: IBM
Assuming a capacity of 40 hours per week, we estimated 512 hours per month or 6,163 hours per year dedicated to third-party risk management. Share on XSource: Soha Systems
Source: Ponemon
Learn more about how you can properly identify and manage vendor risk with FRSecure, or download an easy tool to help you kickstart the vendor risk management process on your own.
1 Comment