Data from CyberGRX Exchange reveals upward trend of companies tracking portfolio-wide third-party risks and control gaps
ProcessUnity and CyberGRX, providers of comprehensive end-to-end cybersecurity and third-party risk management solutions to leading enterprises, today released a research report conducted by Enterprise Management Associates (EMA) titled ‘The Transformation of Cybersecurity from Cost Center to Business Enabler.’ The report focuses on the paradigm shift that is reshaping the way organizations approach cybersecurity, especially from a third-party risk management (TPRM) lens.
“I believe a modern TPRM strategy will take companies on a path to enlightenment,” said Christopher M. Steffen, CISSP, CISA, Vice President of Research at EMA. “The increasing reliance on external partners, vendors, and suppliers to perform critical functions and provide essential services bestows great rewards, but also great cyber risks. It is imperative that businesses start looking across their portfolio to proactively identify and manage the risks posed by third parties. Our analysis reinforces that modern TPRM has the potential to drive growth, foster innovation, and instill a culture of cybersecurity awareness across all levels of organizations.”
The published research examines and analyzes the current state of cybersecurity and the need to build a convincing case for adopting a risk-based approach to cybersecurity, and discusses how TPRM is the future of cybersecurity strategy. Key findings include:
- Over 60% of individuals surveyed noted their organization experienced a cyber incident linked to a third party. This number jumps to nearly 80% when asked if their organization experienced a cyber incident of any kind. Traditional cybersecurity practices concentrate on protecting the organization's internal networks and systems. However, this limited scope fails to address potential risks that may originate from third-party relationships, leaving critical security gaps.
- 64% of those surveyed stated that TPRM was viewed as an organizational strategic imperative by their boards of directors and executive teams. Organizational leaders are recognizing that TPRM is critical, and not just another IT project. However, to be successful, efforts need to align with the broader business goals. Adopting a TPRM approach can streamline and enhance various cybersecurity and procurement processes, more effectively allocate resources and reduce costs, and prioritize security efforts based on the potential impact on critical business functions and sensitive data.
- 88% of survey respondents cited having a CISO within their organization, but less than 50% report that their CISO presents risks and makes recommendations to the board of directors. Transforming the approach to cybersecurity cannot occur without also transforming the role of the CISO. A modern CISO must be able to champion cybersecurity as a business enabler and align security initiatives with overarching organizational goals, ultimately elevating their company’s overall security posture. This transformation will be driven, in part, by recent SEC rules which identify the security chief as a critical member of the business leadership.
“The findings of this report align with the activity we’ve seen within our customer base,” said Fred Kneip, President, ProcessUnity. “There have been significant increases in the month-over-month adoption rate of Portfolio Risk Findings since February and over 50% increases in new assessment shares and customer acceptance rates. TPRM’s transformational power is being realized now more than ever, and the emergence of artificial intelligence will continue to drive it forward. I’m encouraged by the direction enterprise executives, security leaders, and the broader community are headed. Forging this new path in cybersecurity will build operational and security resiliency.”
Steffen will be participating in a webinar on Wednesday, October 18 at 11:00 am MT to dive deeper into the results of the survey. To learn more and register: https://info.cybergrx.com/webcast-rethinking-cybersecurity
To download the full report, please visit: https://info.cybergrx.com/ema-report-download-gt
About CyberGRX and ProcessUnity
CyberGRX and ProcessUnity provide leading enterprises with comprehensive end-to-end cybersecurity and third-party risk management solutions. Fueled by the world’s largest cyber risk exchange database, best-in-class workflow software, artificial intelligence, predictive analytics, and threat intelligence, CyberGRX and ProcessUnity enable organizations to quickly identify security gaps, reduce vendor onboarding and offboarding time, and proactively mitigate first- and third-party risks. As a result, organizations can more effectively safeguard their critical assets while lowering program costs. CyberGRX and ProcessUnity are trusted by major brands around the globe and are backed by Marlin Equity Partners. Learn more at CyberGRX.com & ProcessUnity.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20230926774207/en/
Contacts
Kate Shapiro
LaunchTech Communications
kate@golaunchtech.com
410-698-5211