BlueVoyant has conducted a survey of supply chain cyber risk, globally and for five individual countries. The survey was conducted this June. Here are some of their findings for the United States, according to 301 executives responsible for supply chain and cyber risk management:
- 92% have suffered a breach at the hands of a third party in the past twelve months. The average number of breaches in that period was 3.1.
- 57% had two to five breaches.
- 69% have limited visibility of their third-party vendors.
- Only 9% monitor vendors weekly; the rest monitor monthly or less frequently.
- There are a large number of approaches to risk management. The most common, used by 43% of respondents, was supplier risk data and analytics.
- 86% said their budget has increased.
- 42% identify problems with a supplier and/or work with them. However, 33% have no way of knowing if an issue arises.
These results show there are large concentrations of unknown third-party risks in supply chains and vendors. BlueVoyant's recommendations:
- Decide who owns third-party cyber risk.
- Improve visibility of supply chain data.
- Expand assessment, monitoring and reporting programs.
- Refine organizational risk tolerance and apply it to third-party risk management.
- Reduce false positive alerts.
- Drive supplier risk reduction activity.
The surveys are at bluevoyant.com.