Drawing on in-depth interviews with security executives from 30 participating organizations across multiple industries, a RiskRecon study revealed how companies are managing the security risks of their complex digital supply chains and sensitive business partnerships.
Researchers identified vendor-neutral capability sets comprising common, emerging, and pioneering practices that firms have implemented to manage third-party security risk.
“Enterprise risk officers are waking up to the reality that their information risk increasingly resides in the systems of their third parties, beyond the bounds of their own network. You can outsource your systems and operations to third parties, but you cannot outsource your risk,” said RiskRecon CEO Kelly White.
The financial services industry is the clear leader
Financial services firms have been actively managing third-party security risk for an average of six and a half years, nearly four years longer than firms in other industries. Financial services firms are also the drivers behind more than 60 percent of the pioneering practices observed in the study.
Third-party security risk management is rapidly innovating
Thirty-two percent of…