Press Release
New Report from BlueVoyant Shows Progress in Third-Party Cyber Risk Management, But Breaches Persist
November 4, 2024
Study finds more than 80% of organizations report they were negatively impacted by a cyber breach in their supply chain over the past twelve months, with 3.7 breaches on average
NEW YORK, November 4, 2024 — BlueVoyant, an industry-leading cyber defense company, today released its fifth annual global survey into supply chain cyber risk management. The 2024 study demonstrates progress in third-party risk management (TPRM) as respondents shifted focus from TPRM awareness and adoption to enforcement and compliance. The survey results also highlight ongoing investment in technology and talent to enhance supply chain security.
This year’s study found 81% of organizations reported negative impacts from supply chain breaches over the past twelve months, down from 94% in 2023. While this is a marked improvement, the vast majority of organizations are still reporting breaches.
“More organizations than any previous year indicated that their primary focus is no longer on awareness of the third-party risk management problem or adoption of a program, but rather with the operational, day-to-day challenges of managing an effective program,” said Joel Molinoff, global head of Supply Chain Defense at BlueVoyant. “While this progress also brings many new challenges, it indicates a major step in the right direction when contrasted with previous years where many organizations had poor tracking of third-party vendors, little to no leadership oversight, and virtually no collaboration when it came to remediating cyber issues.”
Despite budget increases and greater collaboration with suppliers, organizations still struggle to combat supply chain threats. Key data points observed in the report include:
- Increased budget and resources: 86% of respondents say TPRM budgets have increased.
- Increased collaboration with suppliers: More than 36% of organizations — up from 19% in the prior year — say they have pursued a far more active role in working with their suppliers each step of the way to ensure remediation of identified cyber risks.
- Intense difficulty in healthcare: Of the six sectors evaluated in the survey, healthcare and pharmaceutical companies reported the highest rate (87%) of being negatively impacted by a breach in their third-party ecosystem over the last twelve months. More than a third of healthcare organizations (36%) reported having no means to detect threats in third parties, also the highest rate across industries.
- Monitoring and periodic vendor assessment need to take a higher priority: Only 32% of third-party vendors are reported to be regularly monitored (1,459 suppliers out of a total of 4,510 on average in this survey). At the same time, 50% of organizations say they do not periodically assess all their vendors because of challenges related to resources, technology, and expertise.
“Organizations are making progress in more frequent monitoring of third parties, though challenges in reporting metrics to senior management persist,” said Brendan Conlon, Global Director of Supply Chain Defense at BlueVoyant. “As information security as an industry continues to mature, there will be more focus on the tighter integration of multiple aspects of security operations. This means that third-party cyber risk will inevitably be folded into day-to-day SOC operations and wider risk management programs.”
The study was carried out by an independent market research organization, Opinion Matters, who surveyed 2,100 C-suite leaders responsible for supply chain and cyber risk management across a range of industries. To gain a global perspective, the research was conducted in 11 countries across North America, Europe and Asia Pacific.
Learn more about the full report: "The State of Supply Chain Defense: Annual Global Insights Report 2024," including analysis across multiple countries and vertical sectors.
About BlueVoyant
BlueVoyant delivers a comprehensive cloud-native security operations platform that provides real-time threat monitoring for networks, endpoints, and supply chains, extending to the clear, deep, and dark web. The platform integrates advanced AI technology with expert human insight to offer extensive protection and swift threat mitigation, ensuring enterprise cybersecurity. Trusted by more than 1,000 clients globally, and the 2024 Microsoft Worldwide Partner of the Year, BlueVoyant sets the standard for modern cyber defense solutions.
BlueVoyant Press Contact:
Jennifer Schlesinger