Focusing on the Threat of Ecosystem Risk as Your Primary Security and Commercial Issue

The increasing dependence on widespread software providers in various sectors has amplified the interconnectedness of our digital supply network.


Greg Brehm, COO and co-founder of Resilience, an elite cybersecurity risk firm, has a bold message:

In today's digital realm, the game of cybersecurity has changed, and it's high time for businesses to adjust their defense strategies. More and more, companies that boast robust internal risk assessments, maintain tight data and critical asset protection, and vigorously monitor their direct operations may unwittingly expose themselves to an insidious menace lurking in the shadows: third-party risks.

From diverse industries to the tech sector, we rely on common software vendors like never before. Given the essential nature of these software products, even small disruptions can lead to catastrophic consequences for business continuity. As a result, third-party dangers have evolved from being an occasional concern to posing real monetary risks.

Our data unveils a shocking truth:

  • In 2024, third-party risks accounted for a staggering 23% of material claims – contrasted with zero percent in 2023.

Previously, we believed third-party risks stemmed from data breaches experienced by software-as-a-service (SaaS) providers or partners within the supply chain. Although these events can be disastrous, recent years have shown that the primary losses arise from business interruptions caused by vendors hit by ransomware or outages.

As third-party incidents cause direct financial losses, it's crucial to understand potential second- and third-order impacts. Organizations must proactively prepare and evaluate their resilience to thwart third-party risks.

Flashing Red Alerts

The year 2024 brought several eye-opening cases that highlighted third-party risk awareness:

  • The ransomware assault on Change Healthcare, a prominent healthcare billing service provider, wreaked havoc on hospitals and clinics nationwide. This widespread disruption ultimately cost the healthcare system billions.
  • CDK, a software provider for automotive dealerships, was likewise struck by ransomware, rendering thousands of dealerships inoperable. The ripple effects of this two-week collapse resulted in a staggering $1.02 billion loss for automotive dealerships across the country.

These high-profile incidents illustrate that vendors believed to be cornerstones of their respective industries can indeed be gateways for harmful attacks.

The New Frontier

Beyond these incidents, 2024 also saw an alarming trend: the rise of "big-game hunting" threats, wherein attackers target larger organizations that possess valuable data and are able to pay substantial ransoms. In this context, third-party targets offer a tempting prospect for cybercriminals, as successful attacks against these larger organizations can lead to domino effects of downstream disruptions.

In 2024, ransomware accounted for a staggering 61% of all claims with losses. As ransom demands climb, it's imperative to anticipate the expansion of the destructive fallout from these disruptions. Sectors with extensive, interconnected networks, such as transportation, healthcare, and manufacturing, are particularly vulnerable to substantial financial loss due to the incredibly intricate nature of their third-party relationships.

Are You Battle-Ready?

In an environment of intricate, intertwined networks, it's paramount to assess the security postures of your third-party vendors and allocate resources to meet your business's needs. Ask yourself three simple questions to evaluate your preparedness against third-party cybersecurity risks:

  1. Does your vendor meet your security standards? Adopting a comprehensive mitigation strategy begins with understanding your network's risk exposure. Explore tailored tools to generate or AI-powered vendor risk reports for a thorough assessment of potential vulnerabilities.
  2. What are the potential financial impacts of a third-party incident? Assessment is merely the starting point. Knowing how to quickly address immediate threats and understand the downstream consequences of third-party incidents is critical to preserving continuity and profitability.
  3. Are key decision-makers aware of the financial impacts of third-party incidents? Effective risk management necessitates a cultural shift within organizations, breaking down internal silos and fostering collaboration across departments. Present risks in terms that resonate with executive decision-makers to drive actionable change.

Embracing a holistic perspective on third-party cybersecurity risks is no longer discretionary – it's an indispensable component of survival in today's evolving threat landscape.

  • Greg Brehm, in his bold message, underscores the importance of cybersecurity for personal-finance and business continuity, emphasizing the increased threat posed by third-party risks.
  • As the reliance on common software vendors becomes ubiquitous, companies must expand their focus beyond direct operations to assess and mitigate third-party risks, as these can lead to significant financial jeopardy.
  • In 2024, third-party risks accounted for a staggering 23% of material claims, revealing the growing danger they pose to industries, such as healthcare and automotive, due to the domino effects of downstream disruptions.
  • To combat this threat, organizations must evaluate their third-party vendors, understand potential financial impacts, and prepare key decision-makers for the risks and consequences of third-party incidents.
  • In an interconnected world, adopting a comprehensive third-party cybersecurity risk strategy is no longer discretionary but essential for survival in today's evolving threat landscape, with ransomware accounting for 61% of all claims in 2024.
