Why vendor breaches still haunt enterprise IT leaders


Nearly half (47%) of enterprises suffered highly disruptive outages due to vendor-related breaches last year, according to research from Resilience.

This is a blind spot for businesses, the report said, with many claiming familiarity with, but not confidence in, their reliance on third parties.

While 83% of those surveyed described themselves as ‘familiar’ with their third-party vendor systems, just 35% feel that vendor due diligence is effective in mitigating cyber risks.

Smaller businesses report this disconnect more noticeably, according to the study. Almost half (43%) of businesses with annual turnovers of over £750 million view vendor due diligence as an effective measure compared to just 24% of firms with an annual turnover below £250 million.

That being said, 44% of large businesses considered vendor outages to be a key concern compared to a total average of 40%. Growing mid-sized companies appear to be at the most risk as a resurgence of ‘big-game hunting’ takes place, the report said.

These firms are increasingly attractive targets owing to a comparative lack of resources. 34% of firms with a turnover above £1 billion went unscathed by vendor outages.

“Cyber risk has become an undeniable reality for businesses of all sizes, yet our findings highlight a concerning gap in understanding and preparedness, particularly in how leaders assess and manage these risks as financial risks,” Resilience CEO Vishaal Hariprasad said.

Third-party outages remain a huge headache

This study points to a growing concern surrounding supply chain risk, with one particularly large outage causing chaos across the tech landscape last year.

A botched update from cybersecurity vendor CrowdStrike wreaked havoc last summer, with one insurance firm estimating that it affected millions of devices worldwide and caused over $5 billion in losses.

While not the result of a cyber attack, this outage drew global attention to the importance of supply chain resilience and the serious effects that an over-reliance on third-party vendors can have.

Outages of this kind have caused fear amongst IT leaders, with a report from PagerDuty finding that 88% predict a major IT incident on the scale of the CrowdStrike outage within 12 months.
