Aktuelles
Panorays Study Finds 94% of CISOs are Concerned About Third-party Cyber Threats, Yet Only 3% Have Implemented Security Measures
January 2024 by Panorays
Panorays has conducted its 2024 CISO Survey of 200 CISOs to determine their sentiments around third-party security management, AI-driven solutions, and challenges they are facing this year. The study found that while 94% of CISOs are concerned with third-party cybersecurity threats – including 17% who view it as a top priority – only 3% have already implemented a third-party cyber risk management solution at their organizations and 33% plan to implement one this year. In 2024, 65% of CISOs expect the third-party cyber risk management budget to increase. Of those respondents, 40% said it would increase from 1-10% this year.
"CISOs understand the threat of third-party cybersecurity vulnerabilities, but a gap exists between this awareness and implementing proactive measures," said Matan Or-El, Founder and CEO at Panorays. "Empowering CISOs to swiftly fortify defenses by analyzing and addressing gaps is crucial in navigating the current cyber landscape. After all, with the speed of AI development, bad actors will continue to leverage this technology for data breaches, operational disruptions, and more. "
The State of Third-party Security Management
CISOs at very large enterprises (73%) are more concerned about third-party cybersecurity threats compared to mid-size enterprises (47%). Only 7% of CISOs said they were not concerned at all. Of the respondents, 34% are currently implementing a third-party cyber risk management solution and 26% plan to implement a new solution in 2025 or later. Four percent of CISOs said it was not a priority and 3% had never even heard of a third-party cyber risk management solution. While CISOs see the value of implementation, widespread adoption of third-party security solutions is low.
In their organizations, 54% of the team that managed third-party risk included IT, risk, operations or privacy teams, 36% said their security was managed by back office teams (legal, finance and procurement) and 10% outsourced to external service providers. Of the respondents, 79% of the teams were 6 to 20 people and 5% had more than 20 responsible for third-party cyber risk management in their organization.
Implementing AI Solutions
CISOs remain confident that AI solutions can improve third-party security management. Of the respondents, 80% said AI-driven solutions can prevent a significant amount of breaches. When it comes to reducing third-party threats, CISOs use a combination of tools to gain effectiveness. Out of different security options, CISOs rated cyber questionnaires for third parties (73%) and compliance management tools (70%) and API monitoring of third parties in the supply chain (68%) as the most effective tools.
CISOs also believe that AI solutions are instrumental to safeguarding organizations. The respondents highlighted the effectiveness of AI-driven solutions in enhancing third-party security programs, with key priorities including:
23% focusing on improving supply chain discovery by mapping all 3rd, 4th, and Nth parties
21% aiming to enhance asset discovery of third parties, reducing false positives and false negatives.
17% prioritizing the automatic mapping and classification of third parties based on business criticality.
17% streamlining cybersecurity processes by automatically completing questionnaires
15% aiming to increase assessment accuracy through AI-based validation
8% focusing on predicting third-party breaches
Prioritizing Third-party Security Management this Year
The top challenge CISOs see in 2024 when it comes to third-party risk management is complying with new regulations for third-party risk management (20%). Other challenges included:
Communicating the business influence of third-party risk management: 19%
Not enough resources to manage risk in the growing supply chain: 18%
AI-based third parties breaches increasing: 17%
No visibility to Shadow IT usage in their company: 16%
Prioritizing the risk assessment efforts based on risk critically: 10%
When it comes to choosing the right third-party cyber risk management solution, CISOs expect a solution that has diverse capabilities in order to gain the most effectiveness. In the study, 44% of CISOs said risk quantification (quantifying third-party cyber risk exposure in dollar values) is a very important capability. Receiving suggested remediation actions for gaps or emerging threats (40%), threat intelligence (39%) and integration to other systems (38%) also emerged as important to CISOs to choosing the right third-party cyber risk management solution.
"In 2024, confronting regulatory changes and escalating third-party cyber risks is paramount," continued Or-El. "Despite resource constraints and rising AI-related breaches, increased budget allocation towards cyber risk management is a positive step in the right direction."
