Posted on Nov 9, 2015

New Research Calls Out Today's Vendor Risk Challenges

New ESG Report: “Intelligence-driven Vendor and Supplier Security Risk Management”

A recent study conducted by Enterprise Strategy Group (ESG), an IT research and strategy firm based in Milford, MA, looks in depth at the issue of third-party supplier and partner security. The new report discusses approaches to today's vendor risk management challenges and emerging technology solutions for improving the discipline. Keeping pace with security risks based in the partner ecosystem is a major business challenge for CISOs, vendor risk managers, and IT professionals in large enterprises.

Increases in the number of third parties, and in the volume of data breaches originating from suppliers and partners, are widening the attack surface. ESG's 2015 survey of 303 IT security professionals produced the following data points, among many others:

  • 31% of respondents found that one or more of their IT suppliers have reported security breaches over the last few years.
  • 34% of organizations have experienced an increase in the number of external third parties with access to internal assets.


"CISOs are reacting to a complex vendor ecosystem and risk landscape by increasing their security budgets, recruiting staff, and purchasing the latest cybersecurity defenses," wrote Jon Oltsik, Senior Principal Analyst at ESG, in the report. "These tactics, however, often miss risks that are under the surface since they reside in partner and supplier systems."

Traditional vendor audits are based on point-in-time technical information, often collected on a quarterly or annual basis. While regulations require due diligence, trying to keep pace with third-party risk once a year is not helping companies become more secure.

"Security risk today is incredibly dynamic and fast moving... It cannot be isolated to a single point-in-time answer given on a vendor questionnaire or one-time audit," stated Dr. Aleksandr Yampolskiy, CEO & Co-founder of SecurityScorecard in a press release about the report. "Forward-looking organizations need a continuous and metrics-based view of security risk with real information depth in a context executives and board members can understand and easily digest, such as benchmark."

[Image: Invite a Vendor example]

It is not enough to have a static security rating. SecurityScorecard gives its customers information depth with ten categories and factors, and allows its customers to share Scorecards directly with vendors to speed up the remediation process of known issues.

"To be truly actionable, enterprises need a multi-dimensional assessment approach across all key security risk factors like SecurityScorecard provides rather than a single-dimensional security rating," stated ESG’s Oltsik in the report.

Learn why vendor risk is increasing, and how to use SecurityScorecard to help scale your vendor risk management.
