Cybersecurity services company BlueVoyant published the report ‘Global Insights: Cyber Risk Management Across the Extended Vendor Ecosystem’, for which the independent research organization Opinion Matters recorded the opinions and experiences of 1,200 communications managers, security managers and product representatives in organizations with more than 1,000 employees.
According to the study, 97% of surveyed companies have been affected by a cybersecurity breach in the supply chain and 93% claimed to have been directly affected by this class of attacks.
Other findings of the report show that there is still a long way to go in terms of digital security: the average number of incidents experienced per organization in the last 12 months grew from 2.7 in 2020 to 3.7 in 2021, an increase of 37% compared to the previous year. Also of concern is the fact that 38% of respondents said they had no way of knowing when or if a cybersecurity problem arises from one of their third-party vendors. Faced with this scenario, 91% declared that the budget for third-party cyber risk management will increase in 2021.
While the budget increases, the risk is latent
Although 29% of companies reported increases in the cyber risk management budget of 26 to 50%, 42% reported an increase of 51-100% and 17% reported increases of 100% or more, the effectiveness of these investments is limited by the increase in these attacks.
Of the companies surveyed in the study, those in the business services sector have the largest number of employees in their cybersecurity or risk teams; consequently, they were more likely to be able to monitor third-party risk on a daily basis.
The healthcare sector exhibited the highest rate of third-party cyber risk awareness with 55% saying identifying risk was a key priority, compared to an average of 42%. However, this sector also reported high numbers of violations, with 29% reporting 6 to 10 violations in the last 12 months, compared to an average of 19%.
Manufacturing sector respondents are less likely to identify third-party / supply chain cybersecurity risk as a key priority and are more likely to report only on an annual basis.
Although the effectiveness of these budget increases has yet to be evaluated, this shows that companies are increasingly recognizing the need to invest in cybersecurity; however, the large number of weak points still creates uncertainty in this area.
With respect to Latin America, the region presents the same trend as the rest of the world, with a particular emphasis on financial services and the manufacturing and retail sectors. In this sense, growing recognition of this type of threat is observed in the region, and with it a greater interest in adopting solutions that make it possible to identify third-party risk and mitigate its consequences.