Companies large and small are struggling to stave off data breaches and prevent compliance violations as third-party partners they increasingly rely upon come under attack. These findings are according to a new survey fielded by CRA Business Intelligence, the insights and research unit of cybersecurity information services company CyberRisk Alliance, and SecurityScorecard, the global leader in cybersecurity ratings.
This survey gauged gauged how well organizations understand and manage risks associated with third-party relationships. Read our report to learn our key findings, including:
- Ninety-five percent (95%) of respondents expressed some level of concern with IT security risks from third-party business relationships, and 67% of participants experienced a significant increase in third-party-related security events within their organizations during the past year.
- Those working in the heavily regulated financial services sector were most apt to report a third-party-related cyber event.
- The most popular mitigation strategy for managing third-party IT security risks was a hybrid approach in which some, but not all, work is completed in-house.
- A majority of those surveyed were at least considering – if not already incorporating – principles of zero trust to reorganize privileges and restrict third-party user and device access to their networks.

