The biggest cybersecurity challenge organizations face is having the manpower to manage third-party identities and cyber risk.

Protecting access points and identities is critical for campus IT

“In a constantly evolving third-party threat landscape, organizations need to be proactive and innovative in their approach to preventing cyberattacks and data breaches,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “Limited cybersecurity budgets and not having the desired level of in-house expertise require organizations to invest wisely in those practices that address gaps in their third-party remote access security practices. Most importantly, these include having a comprehensive inventory of all third parties with access to their networks and defining and ranking the levels of risk to sensitive information.”

The report outlines specific challenges organizations are grappling with as they attempt to respond to a clear uptick in cyberattacks and new vulnerabilities brought on by digital transformation. Key findings include:

  • Rising cyber threats: Over the last year, organizations have had to adapt to an increasing volume of threats, with 75% of respondents stating they have seen a significant increase in security incidents in the past 12 months, most often due to credential theft, ransomware, DDoS and lost or stolen devices.
  • Too much access and too little monitoring: 70% of organizations state that a third-party breach came from granting too much access. At the same time, 50% of organizations don’t monitor access, even for sensitive and confidential data, and only 36% of respondents document the level of access for both internal and external users.
  • Resistance to security automation: 51% of organizations are increasing their automated monitoring of security threats. However, 64% of organizations still rely on manual monitoring procedures, costing an average of seven hours per week to monitor third-party access.
  • Underreporting of third-party data breaches: Respondents reporting their organization had a third-party data breach increased from 51% in 2021 to 56% in 2022. However, only 39% of respondents say they’re confident that the third party would notify them if the data breach originated in their organizations.
  • Limited cybersecurity budgets: Over half of organizations are spending up to 20% of their budget on cybersecurity, yet 35% still cite budget and resources as a barrier to strong security. Resulting breaches have an average financial impact of over $9 million, not counting damage and theft of assets and infrastructure.
  • Weak vendor audits: Organizations continue to rely upon contracts to manage the third-party risk of vendors with access to their sensitive information, with 60% relying on the third party’s business reputation alone.

The report recommends that organizations adapt to today’s changing security environment by reducing the complexity of their cybersecurity infrastructure, improving internal governance, and enhancing oversight practices. Further insight from highly effective organizations demonstrates that assigning individuals to manage third-party risk, comprehensive documentation of network access, and ensuring security compliance are all essential for strong cybersecurity preparedness.

The study was conducted by Ponemon Institute on behalf of SecureLink and includes responses from 632 IT and security professionals engaged in their organization’s approach to managing remote third-party data risks. Respondents are based in the United States, spanning five industries, including financial services, healthcare, education, and industrial and manufacturing.

This press release originally appeared online.

Laura Ascione