But executives aren’t confident in the accuracy of cybersecurity assessment data received from their vendors, a new study shows.
Financial services executives and managers responsible for the corporate checkbook would rather forgo business with a partner that is not serious about cybersecurity than run the risk of a breach, a new report found.
Some 97% consider cyber risk to be an important or critical issue, and 78% of those surveyed would refuse a partnership with a company that had poor cybersecurity performance, according to a new survey of 129 financial service professionals by security-rating firms BitSight and the Center for Financial Professionals.
“These results not only talk to the importance of having a strong third-party risk management program in place, but – when you think about the implication that they have for a company doing business with financial firms – now you have to demonstrate strong cybersecurity performance or you might lose business,” said Jake Olcott, vice president of government affairs for BitSight.
Suppliers and supply chains have become the latest focus of companies trying to reduce their cyber risk. In 2018, a survey by the Ponemon Institute found that nearly 60% of organization had a data breach caused by a third party, but that only 34% of companies had created an inventory of all their suppliers.
The most recent high-profile attack on a third-party supplier — the breach of remote work enabler Citrix — underscores the danger. The company announced in early March that the FBI had notified the firm that attackers had downloaded business documents from its internal network.
About half of all attacks involve jumping from one corporate network to another, a technique dubbed “island hopping,” according to a recent report.
“Supply chains are easy and lucrative targets,” Mike Bittner, digital security and operations manager at The Media Trust, a website security firm, said in …
Author: Robert Lemos Technology Journalist/Data Researcher