6
Trends
from the Ponemon 2017 Third Party Data Risk Study your organization can’t afford to ignore
About The Report
About The Report

This benchmark study, independently conducted by the Ponemon Institute and sponsored by Opus, explores the increasing data risk posed by outsourcing relationships.

Now in its second year, the study examines the many challenges companies face in protecting sensitive and confidential information shared with third parties and their subcontractors and identifies governance and IT security practices that can be implemented to significantly reduce the likelihood of a third-party data breach.

1
Data breaches caused by third parties are on the rise
1
Data breaches caused by third parties are on the rise

At Least

56%

of respondents experienced a third party data breach... a 7% increase over last year

1
Data breaches caused by third parties are on the rise

And Data Breaches Cost...

More

than ever. According to Ponemon's 2017 Cost of Data Breach Study...

1
Data breaches caused by third parties are on the rise

On Average, U.S. Companies Pay

$7,350,000

Per Breach in fines, remediation costs and loss of customers - up 10%

2
Companies lack visibility into the security practices of third parties, but continue to share data
2
Companies lack visibility into the security practices of third parties, but continue to share data

57%

Don't have

an inventory of all third parties with which they share sensitive information

2
Companies lack visibility into the security practices of third parties, but continue to share data

57%

don’t know if third parties’ policies would prevent a data breach

2
Companies lack visibility into the security practices of third parties, but continue to share data

For

Nth-party
relationships,

it gets worse

only 18% know if sensitive information is shared

3
The effectiveness of third party governance programs is decreasing
3
The effectiveness of third party governance programs is decreasing

Just

17%

feel they’re highly effective at mitigating third-party risks, down from 22% in 2016

3
The effectiveness of third party governance programs is decreasing

60  %

feel unprepared to check or verify their third parties,
down from 66% in 2016

4
Companies are beginning to take third party data risk seriously
4
Companies are beginning to take third party data risk seriously

5%

More

respondents now have an owner of their third-party risk program

5
Third party risk is now a board level concern
5
Third party risk is now a board level concern

Between 2016 & 2017

15% More

respondents said their boards are more involved in third-party risk management programs

6
Proper governance of third party data security decreases the likelihood of a data breach
6
Proper governance of third party data security decreases the likelihood of a data breach

Study indentifies

8

best practices

that have strong correlations with the reduction of data breaches

Read the full report

Download the 2017 Data Risk in the Third Party Ecosystem Study from Ponemon Institute

Related Resources

Third Party Information Security

Free Your Business From Information Security Risks

Businesses are all too aware that cyber crime is increasing in frequency and reach. Learn how Opus' information security solution can free up your specialists to concentrate on what is important - more accurate risk assessments across all your third party relationships.

  • September 15, 2017
  • VIDEO
InfoSec Process Map

Process at a Glance: How to Manage Third Party Information Security Risk

Opus partnered with educational GRC think-tank OCEG to bring you this comprehensive yet concise process map of how you can apply information security policies, processes and technologies across your enterprise. Learn how to verify, remediate where necessary and monitor the effectiveness of third party controls, using sophisticated and mission-designed technology.

  • May 19, 2017
  • Infographic
Circles around a bright light source

Manage Your Third Party Information Security Risk with Hiperos 3PM™

Whether you're a chief information security officer (CISO), IT vendor risk professional or a compliance business leader challenged with rapidly changing regulations, you know the damage a single data breach can cause to your stock price, revenue and reputation... and third parties are a huge risk. Learn how to manage and respond to third-party information security risks faster and more easily than ever before with Hiperos 3PM Information Security (InfoSec).

  • March 1, 2017
  • Datasheet