A bleak picture emerges when looking at numbers. It is time for a change.
The following 17 statistics show us a bleak picture. The presence of third parties and vendors has increased drastically, and so has vendor risk. That risk can be privacy non-compliance, performance disruption or a data breach. These risks are quantitatively present.
To reduce these risks, vendor management is critical when dealing with so many vendors. Vendors are evaluated, e.g. with risk assessments. Vendor management has a measurable cost.
Of course, the following statistics do not reveal the full picture. Besides, proactive decisions can change the course of action.
Vendor Management Importance
Large companies have many third-party vendors, some with direct access to the company’s network.
An average of 89 vendors access a company’s network every week — link
18 percent of respondents indicated their companies work with more than 1,000 third parties, and another 16 percent said they work with more than 10,000 third parties — link
However, most companies cannot guarantee good protection of personal data.
60 percent of companies admit that they do not have the resources to monitor the security and privacy practices of vendors with whom they share sensitive or confidential information — link
74 percent of companies do not know all the third parties that handle their data and personally identifiable information (PII) — link
The data breach risk is also very present.
66 percent of security professionals think that it’s possible or definite that they suffered a breach through third-party access — link
59 percent experienced a data breach caused by a third party — link
And there are certainly other risks too.
87 percent of organizations have had a disruptive incident with a third-party vendor within the past three years — link
82 percent were not confident, or were unsure, whether they have identified all the third-party risks their organization is exposed to — link
Managing the vendors has a real cost, but the cost of not managing them is even higher.
Third-party breaches cost more than in-house breaches, to the tune of $13 more per compromised record — link
The average cost of addressing a Data Subject Access Request (DSAR) is $1,400 per request — link
For example, managing assessments has a high cost because of a lack of automation:
A single FTE (Full Time Employee) can manage roughly 350 third-party information security risk assessments and decisions annually — link
71 percent of companies are still using a custom questionnaire — link
Prioritized Vendor Management
Given these numbers, it is no surprise that vendor management is a priority today.
Ensuring third parties have appropriate security practices to protect sensitive and confidential data was the first governance priority for 2019 — link
40 percent of organizations have a fully mature vendor risk management process in place — link
The Vendor Risk Management Market is expected to exceed US$ 7 billion by 2024 at a CAGR (compound annual growth rate) of 13 percent — link
In our vendor economy, we don’t always realize the value and the risk that vendors bring to the company. Companies have many vendors, some with privileged access.
The value vendors bring is real, and so is the risk, with a measurable cost. Because of that cost, it is tempting to avoid managing vendors. However, doing so only increases the risk and the cost, while missing opportunities.
Planning vendor management while adopting a vendor culture is the key to gaining from vendors deeply and responsibly.