Nearly half of firms suffer data breaches at hands of vendors
Almost one in two (44%) companies has experienced a disruptive data breach as the result of a third-party vendor getting compromised, recent research by eSentire and Spiceworks shows. 26% of the breaches were the result of human error and stolen passwords, while about half involved malware.
Even though third-party agreements evidently put companies at great risk, only 60% of firms have formalized policies for these agreements, and 81% of those companies believe their policies are effective. Based on the study’s findings this confidence seems utterly misplaced, especially because vendors rarely inform organizations about breaches. The survey found that only 15% of organizations have received such a heads-up.
Supply-chain attacks that target companies through vendors and other third-parties are on the rise.