15 Eye-Opening Vendor Risk Statistics

If your organization works with third-party vendors, the risks that they carry can have a big impact on your business. Here are some statistics about vendor risk that, while they are constantly changing and evolving, will get you thinking about why it’s important to know who your third parties are and understand their risks.

54% of respondents said their organizations have been conducting third-party risk assessments for less than 5 years.

Source: Prevalent Survey

Only 10% of respondents are extremely confident in their third-party risk management programs.

Source: Prevalent Survey

Only 39% are assessing more than three-fourths of those top-tier vendors—despite 66% saying they should be.

Source: Prevalent Survey

According to a recent survey conducted jointly by CW and Aravo, 18 percent of respondents indicated their companies work with more than 1,000 third parties, and another 16 percent said they work with more than 10,000 third parties. That's a lot of vendor risk.

Source: Compliance Week

74 percent of companies do not know all the third parties that handle their data and personally identifiable information (PII).

Source: Optiv

Vendors are accessing your network more than you think. On average, 89 vendors are accessing a company’s network every week.

Source: Bomgar survey

Vendors on average have to touch 4.6 devices, such as VPN, firewalls, directories and more.

Source: Soha Systems

A full 87 percent of survey respondents admitted they had faced a disruptive incident with third parties in the last two to three years, with 28 percent reporting they had suffered a major disruption and 11 percent experiencing a complete third-party failure.

Source: Deloitte

In a 2019 survey of the top threats companies are worried about, "third-party misuses or shares our confidential data" came in first, with 64% of respondents worried about it.

Source: Ponemon

70% of organizations believe they are underinvested in third-party risk management.

Source: Compliance Week

Companies spend much more time managing vendor risk by focusing internally than externally. Internal controls testing drives the approach to such assurance in the vast majority of cases—80.5%.

Source: Deloitte

The indirect and direct costs of third-party risk management for the healthcare industry average $23.7 billion annually.

Source: Ponemon

For breaches in 2019, if a third party caused the data breach, the cost increased by more than $370,000, for an adjusted average total cost of $4.29 million.

Source: IBM

63% of all cyber attacks could be traced either directly or indirectly to third parties.

Source: Soha Systems

Assuming a capacity of 40 hours per week, we estimated 512 hours per month or 6,163 hours per year dedicated to third-party risk management.

Source: Ponemon


Learn more about how you can properly identify and manage vendor risk with FRSecure, or download an easy tool to help you kickstart the vendor risk management process on your own.


Brandon Matis
Content Marketing Specialist at FRSecure
As the Content Marketing Specialist for FRSecure, Brandon spins complex, technical security jargon into intelligible content that is easy to understand. Through journalistic-style writing and graphic design, Brandon creates multichannel, multi-industry content that summarizes the current state of the security industry.
