Despite increased investments in third-party cybersecurity risk management over the last two years, 45% of organisations experienced third party-related business interruptions, according to a Gartner survey of senior executives involved in TPCRM.
According to Gartner, successful management of third-party cybersecurity risk depends on the security organisation’s ability to deliver on three outcomes—resource efficiency, risk management and resilience, and influence on business decision making. However, enterprises struggled to be effective in two out of those three outcomes, and only 6% of organisations are effective in all three, the survey found.
While 59% of organisations were effective in resource efficiency, 35% were found to be able to deliver on risk management and resilience, and only 14% were effective in influence on business decision-making.
“Third-party cybersecurity risk management is often resource-intensive, overly process-oriented and has little to show for in terms of results. Cybersecurity teams struggle to build resilience against third party-related disruptions and to influence third party-related business decisions,” said Zachary Smith, senior principal research…
