This is not an opener for a sex-ed public service announcement, but in fact the million-dollar question for today's enterprise CISOs and CROs: which vendor in the supply chain will prove to be the riskiest bedfellow? With 63% of all data breaches caused directly or indirectly by third-party vendors, enterprise measures to bolster cyber resilience must now include the evaluation of partners' security as part of a broader cyber risk management strategy. Easier said than done: most third parties are unlikely to admit to their security shortcomings, and—as it turns out—even if they did, most firms wouldn't believe them anyway.

According to a survey conducted by the Ponemon Institute, over a third of businesses "do not believe their primary third-party vendor would notify them if a data breach involving sensitive and confidential information occurred." This resignation isn't surprising, as most enterprises—their hands full securing their own infrastructures and fending off cyber attacks—grapple with third-party risk as a secondary concern. This is fast changing, however, as third-party data breaches are becoming the norm in today's high-profile data breach incidents. Even sensitive federal agencies are subject to government contractor risk.