44% Of Company Breaches Result Of Using Third-Party Data Vendors
By: Jim Stickley and Tina Davis
September 8, 2019
New research shows a chasm of disconnect between organizations that believe their data is safe with third-party vendors and the reality of how secure these vendors–and their data–truly are. Earlier this year, Spiceworks surveyed 600 cybersecurity decision makers and IT professionals about just how sure they are about their data being safe with outside vendors and in many cases, vendors who also share data with their vendors.
There’s always an increased chance for data theft when it ends up in many different hands. It seems like common sense to many, but it’s a challenge for those in charge of keeping their company’s data safe from harm. This survey drops a reality bomb on this topic, finding 44% of business data breaches happen when security ends up in the hands of third-party vendors. Only 14% of all organizations surveyed trust their vendors’ reputation for keeping data safe.
There are many reasons for a company to use outside vendors, including cost-savings, but there’s risk involved with those savings when outsourcing company data is involved. There should be a cost-benefit risk assessment that IT and C-Level management need to mitigate. The Spiceworks survey looks at perceived data security, with only 59% of organizations having a third-party data risk policy in place, while 74% are confident their vendors have adequate breach protections. Of those who suffered a data breach, only 15% were notified by their vendor when a breach occurred. That translates to a lot of companies and their patrons who have no idea their data was stolen or for how long the data was exposed.
Leaving data security to vendors is a risky move, especially as only 48% of businesses review privacy policies and procedures of their vendors. When those vendors hand your company’s data security to their vendors and so on, trying to follow that web is next to impossible. For those responsible for data security, knowing how a third party vendor protects data is up to those in charge of it. Only 60% believe they have full visibility into how their data is stored and protected. In the face of some dismal numbers, the Spiceworks survey shows just how important it is to vet all vendors who access your company data. If you’re not comfortable with their processes, work with them to make them more to your liking. If they just won’t budge, it might be time to search for a new partner.
Knowing your company data is secure, who’s securing it and how it’s done is up to those in charge of it. Your customers will thank you.