ABSTRACT

Vendors are responsible for 63% of reported data breaches. One reason for this is that prior to 2019, not all 50 states had data breach notification laws. Cyber risk is based on digital assets. Each second, third, and fourth party becomes a part of your digital ecosystem. Your digital ecosystem multiplies your cyber risk exponentially. Measuring and monitoring these non-first-party cyber risks are crucial to avoid data breaches. Most recently, regulators have provided detailed guidance on the requirements for risk assessments and monitoring of third-party cyber risk.

A recent survey conducted by the Ponemon Institute reveals that 53% of organizations had one or more data breaches caused by a third party, which cost an average of US$7.5 million to remediate. Data breaches caused by third parties are twice as costly as internally caused data breaches and are devastating to small businesses.

As businesses grow, they will use more and more third parties to provide specialty services. This expands your digital asset ecosystem. The larger the digital ecosystem, the greater the likelihood that a hacker will breach your business. Vendors should be trusted, but they must be verified.