A new study from Prevalent Inc. indicates a significant increase in third-party data breaches, rising 49% in 2023 compared to the previous year, and tripling since 2021. The report highlights that 61% of companies experienced a third-party cybersecurity incident last year, impacting major supply chains such as Okta, LastPass, Change Healthcare, and PJ&A.
The scale of these breaches underscores the critical need for enhanced third-party risk management (TPRM) practices. Despite the existence of TPRM programs in most organizations, half of them still rely on spreadsheets and a patchwork of tools to manage their vendors, leading to a lack of coordination and significant security gaps.
Prevalent’s CEO Kevin Hickey and COO Brad Hibbert stress the importance of using dedicated TPRM platforms to unify teams, data, and risk lifecycles. The study found that only 33% of third parties are being adequately assessed or monitored, revealing substantial hidden risks.
Additionally, 62% of respondents cited understaffing as a major obstacle, with the average company needing to double its TPRM staff to effectively safeguard against breaches. The report also highlights a disparity between risk tracking and remediation, with only 46% of companies mitigating identified risks.
Prevalent suggests that companies form cross-functional teams and establish clear ownership of TPRM programs, as well as automate TPRM processes to improve efficiency and security. The study also notes the low adoption of AI in TPRM, with only 5% of companies using it actively, though interest in AI solutions remains high. For more detailed statistics and recommendations, Prevalent advises downloading its full e-book and infographic.