Third parties and external suppliers are often the weak link in the cybersecurity chain. According to a new report by Kaspersky, almost a quarter (24 percent) of enterprises that implement special IT policies for third parties experienced a data breach because of a cyberattack incurred by a supplier.
These policies have proven valuable for enterprises, as most of them (71 percent) received financial compensation the affected third party. Among organisations that don’t have policies in place, only 22 percent reported being compensated for an incident.
Businesses are increasingly opting for third parties and external suppliers to assist with operations. A Gartner report says that 71 percent of organisations work with more third parties than three years ago, and predicts the same growth three years from now.
These policies, according to Kaspersky’s IT Security Economics report, dictate how partners and suppliers work with shared resources and data, as well as any penalties they may incur.
The policies, the report argues, also work in favour of small and medium-sized businesses, as 68 percent of them received compensation for a breach, compared to 28 percent of those without clear rules in place.
“The results of our survey may seem rather paradoxical with enterprises with special policies saying they have experienced supply chain attacks more often,” said Sergey Martsynkyan, Head of B2B Product Marketing at Kaspersky.
“However, we can suggest that a business with a wider network of third party organisations will pay more attention to this area, which results in implementing specific guidelines. Nonetheless, a vast network of subcontractors may make such data breaches more likely. Besides, organisations with third party policies can more accurately determine the causes of a particular breach.”
Damages from cyber incidents costs businesses $2.57 million on average, positioning data breaches among the three costliest problems faced by enterprises.