Why vendor breaches still haunt enterprise IT leaders
Managing third-party vendors has become increasingly important

Nearly half (47%) of enterprises suffered highly disruptive outages due to vendor-related breaches last year, according to research from Resilience.
This is a blind spot for businesses, the report said, with many claiming familiarity with, but not confidence in, their reliance on third parties.
While 83% of those surveyed described themselves as ‘familiar’ with their third-party vendor systems, just 35% feel that vendor due diligence is effective in mitigating cyber risks.
Smaller businesses report this disconnect more noticeably, according to the study. Almost half (43%) of businesses with annual turnovers of over £750 million view vendor due diligence as an effective measure compared to just 24% of firms with an annual turnover below £250 million.
That being said, 44% of large businesses considered vendor outages to be a key concern compared to a total average of 40%. Growing mid-sized companies appear to be at the most risk as a resurgence of ‘big-game hunting’ takes place, the report said.
These firms are increasingly attractive targets owing to a comparative lack of resources. 34% of firms with a turnover above £1 billion went unscathed by vendor outages.
“Cyber risk has become an undeniable reality for businesses of all sizes, yet our findings highlight a concerning gap in understanding and preparedness, particularly in how leaders assess and manage these risks as financial risks,” Resilience CEO Vishaal Hariprasad said.
Vendor outages remain a huge headache
This study points to a growing concern surrounding vendor-related downtime, with one particularly large outage causing chaos across the tech landscape last year.
A botched update from cybersecurity vendor CrowdStrike wreaked havoc last summer, with one insurance firm estimating that it affected millions of devices worldwide and caused over $5 billion in losses.
While not the result of a cyber attack, this outage drew global attention to the importance of supply chain resilience and the serious effects that an over-reliance on third-party vendors can cause.
Outages of this kind have caused fear amongst IT leaders, with a report from PagerDuty finding that 88% predict a major IT incident on the scale of the CrowdStrike outage within 12 months.
George Fitzmaurice is a staff writer at ITPro, ChannelPro, and CloudPro, with a particular interest in AI regulation, data legislation, and market development. After graduating from the University of Oxford with a degree in English Language and Literature, he undertook an internship at the New Statesman before starting at ITPro. Outside of the office, George is both an aspiring musician and an avid reader.