A report released Monday by the Ponemon Institute found that the risk associated with third party data sharing is growing, but the C-Suite is not adequately prioritizing the issue.
The report, sponsored by Shared Assessments, found that third party vendors and partners can significantly increase the risk of cyberattacks or data breaches.
As a result of "negligent or malicious" third parties, Ponemon researchers found that organizations spent an average of $10 million responding to security incidents.
As more companies enable third party access to their data, it’s essential they understand what each party is responsible for, especially when it comes to security measures.
The Ponemon Institute surveyed 617 business executives who maintain a role in risk management processes.
Though 70% of respondents say the third-party risk in their organization is significantly increasing with the growth of technologies like IoT and cloud, few companies have or are prepared to measure an effective third party risk management program.
The report also found that accountability for managing third-party risk is often dispersed throughout the organization.
"Not having one person or function with ownership of third party data risk is a serious barrier to achieving an effective third-party risk management program," said Larry Ponemon, the survey’s author. "Anytime you share responsibility you run the risk of it not getting done, or not getting done right."
Most survey respondents felt IoT and cloud were the biggest contributors to increased third-party data risk. Of those surveyed, 60% of respondents believe IoT increases third-party risk significantly and 68% of respondents believe migration to the cloud will increase risk.
Even though many believe third-party risk is rising, survey respondents felt that minimizing both downtime and business disruptions were bigger priorities. Only 8% of respondents said improvement of their organization’s relationship with business partners was the number one risk management objective for their organizations.