Despite increased investments in third-party cybersecurity risk management (TPCRM) over the last two years, 45% of organizations experienced third party-related business interruptions, according to a new Gartner, Inc. survey.
“Third-party cybersecurity risk management is often resource-intensive, overly process-oriented and has little to show for in terms of results,” said Zachary Smith, Sr Principal Research at Gartner. “Cybersecurity teams struggle to build resilience against third party-related disruptions and to influence third party-related business decisions.”
The survey was conducted in July and August 2023 among 376 senior executives involved in third-party cybersecurity risk management across organizations from different industries, geographies and sizes.
Effective TPCRM Depends on Delivery of Three Outcomes
Successful management of third-party cybersecurity risk depends on the security organization’s ability to deliver on three outcomes – resource efficiency, risk management and resilience and influence on business decision making. However, enterprises struggle to be effective in two out of…
