As we approach the halfway point of 2022, the cybersecurity outlook for the year could be better. In April, there were at least 11 cyberattacks in the U.S. targeting several different sectors—public administration, healthcare, universities/education, telecommunication, and food. For instance, Austin Peay State University was the victim of a ransomware attack at the end of last month, as was the ADA (American Dental Assn.). Thanks in part to the spike in cybersecurity incidents in the wake of the COVID-19 pandemic, more organizations are investing in proactive measures to keep themselves as safe as possible.
One example of a proactive measure is adopting risk management software, which not only helps organizations prepare for potential cyberattacks but also helps them monitor and control various other risks, including those related to compliance. According to Allied Market Research, the global market for risk management (including both software and services) will reach $28.87 billion by 2027, up from $7.39 billion in 2019.
A new study from Prevalent examines how businesses are (or are not) managing risks associated with third-party vendors. One key finding from the 2022 Third Party Risk Management Industry Study is that 69% of respondents’ top concern about their relationships with third parties is the potential for a data breach. These organizations’ fears are founded. In fact, 45% of organizations report experiencing a data breach or other security incident connected to a third party in the last 12 months. This is a sharp increase from Prevalent’s 2021 report, in which 21% of respondents said their organizations were impacted by a third-party data or privacy breach. In the 2022 report, one in four respondents reported some sort of “significant business impact” because of a breach, including impacts like bad press, lost customers, and reduced revenue, among others.
And yet, the report suggests many organizations are leaving a lot on the table when it comes to protecting themselves against business risk like a cyberattack. Almost one-quarter (23%) admit to taking a passive approach to third-party incident response, and 8% reported they don’t have a third-party incident response program at all. What’s more, Prevalent’s research suggests manual processes are still holding organizations back. For instance, nearly half (45%) say they manually assess third parties using spreadsheets. Manual processes typically add complexity and time to a process while also introducing more opportunities for error, and 32% of Prevalent’s respondents say it takes a month or longer to produce the reporting and evidence required to meet regulatory audits.
On the other hand, solutions that automate the processes necessary to perform risk audits and handle incident detection and response can save businesses a lot of time and effort. Since IT and security teams are often stretched thin, automated risk management and/or incident response solutions can lead to more efficient operations and the ability to generate insights into potential and developing issues in realtime. With the right tech tools, security teams can better manage risks and stay more in control of developing situations. When an incident occurs and time is of the essence, businesses will be glad they thought ahead and planned for the worst.
Want to tweet about this article? Use hashtags #IoT #sustainability #AI #5G #cloud #edge #digitaltransformation #machinelearning #cybersecurity #riskmanagement #security #cyberattack #ransomware #COVID19 #Prevalent