Are third parties putting your organization at risk?


It can be hard enough to manage your own security, but most companies have at least one partner that could be introducing security risks into the organization.

A new study from Shared Assessments, a vendor risk management organization, finds that most respondents are worried about how the third parties they work with handle their information. Three-quarters (75%) of those surveyed said that third parties pose a serious risk. And many think that’s a trend that will continue.

A growing threat?

Only about one in five (19%) respondents said they thought the threat from third parties was decreasing. Others disagreed.

When asked to gauge the threat from third parties:

  • 21% said it was increasing significantly
  • 20% said it was increasing, and
  • 29% reported it was staying about the same.

In total, that means 70% of those surveyed didn’t think the situation was getting any better. Another 11% said they couldn’t determine the overall trend.

Breaking it down

So what kinds of threats are respondents seeing? Many think that the move to the cloud is having a significant impact on security. Thirty-six percent agreed that cloud migration would pose a significant risk from third parties. And another 32% strongly agreed with that statement.

The Internet of Things (IoT) was also a concern. Thirty-five percent agreed it added to risk, and another 25% agreed strongly.

Inaction could be costly

Despite their concerns, many organizations don’t seem to be taking much action. More than a quarter (27%) said they didn’t have a program for managing risks from third parties. Another 44% said they had a program, but not a formalized one.

And when asked to rate their effectiveness at mitigating this risk on a 1-10 scale, a majority (61%) put themselves below 5.

All in all, only 50% of companies agreed that risk management was in line with the company’s overall goals.

What to do

The report strongly recommends having top management involved in order to mitigate the risk. Seventy-one percent said that the tone from the top reduces the risks of working with third parties that aren’t trustworthy, and 66% said it “incorporates such values as integrity, ethics and trustworthiness in relationships with third parties.”

Other steps to consider:

  • Ask around. Whether it’s through an industry organization or an informal reference check, be sure to find out what your fellow IT pros have thought about potential vendors.
  • Document your needs. According to Brad Egeland of Business Know-How, it’s important to have a list of what you need and expect from your suppliers before going ahead with the process.
  • Don’t be afraid of second chances. Even if a provider was unable to win your business in the past, that doesn’t make them unfit for consideration going forward. If an eliminated contender isn’t considered, you could miss out.
