Despite increased investments in third-party cybersecurity risk management (TPCRM) over the last two years, 45% of organizations experienced third-party-related business interruptions, according to a new Gartner survey. The survey was conducted in July and August 2023 among 376 senior executives involved in third-party cybersecurity risk management across organizations from different industries, geographies, and sizes.
“Third-party cybersecurity risk management is often resource-intensive, overly process-oriented, and has little to show for in terms of results,” said Zachary Smith, Sr Principal Research at Gartner. “Cybersecurity teams struggle to build resilience against third party-related disruptions and to influence third party-related business decisions.”
Successful management of third-party cybersecurity risk depends on the security organization’s ability to deliver three outcomes – resource efficiency, risk management, and resilience and influence on business decision-making. However, enterprises struggle to be effective in two out of those three outcomes, and only 6% of organizations are effective in all three.
Based on the survey findings, Gartner identified four actions that security and risk management leaders must take to increase their effectiveness in managing third-party cybersecurity risk. The survey found that organizations that implemented any of these actions saw a 40-50% increase in TPCRM effectiveness.
These actions include:
A new study from Juniper Research predicts that global revenue from mobile identity application programming interfaces (APIs) will reach $22 billion in 2029, rising from $2.4 billion in 2025.
The year 2024 marked a record-breaking year for the semiconductor market, with annual revenue surging approximately 25% to $683 billion, according to Omdia.
Worldwide GenAI spending is expected to total $644 billion in 2025, an increase of 76.4% from 2024, according to a forecast by Gartner.
