Independent Study Confirms Continuous Monitoring Gives Organisations Greater Control of Vendor Risk Management
March 2018 by BitSight
BitSight released the results of a March 2018 commissioned study conducted by Forrester Consulting titled “Take Control of Vendor Risk Management Through Continuous Monitoring.” The findings reveal that current methods for managing third-party risk are inefficient, and that companies must adopt continuous monitoring to detect security and risk issues so that they better understand their vendors’ cybersecurity posture and the overall risk posed to their business.
“I believe this study validates what we’ve always known: continuous monitoring is critical for effective vendor risk management,” stated Tom Turner, CEO of BitSight. “Understanding the security performance of your third-party ecosystem in real time enables companies to make better risk decisions quicker and at scale. With 1,000 customers actively monitoring and engaging with over 100,000 third parties, BitSight is driving innovation that we believe closely aligns with the findings of this study.”
The study surveyed 251 IT, risk, compliance and security decision makers in North America and Europe. Participants included managers, directors, vice presidents and C-level executives from organisations ranging from 1,000 to over 20,000 employees.
• It typically takes between two weeks and two months to adequately assess a vendor’s cybersecurity posture. It took 88% of organisations over two weeks to assess vendors’ cybersecurity using manual methods, leaving many organisations exposed to security control and performance gaps.
• Outside vendor analytics are important. 87% of firms said a mixture of in-house analytics and analytics from an outside vendor is very to extremely important when assessing third-party cyber risk management.
• Firms recognise the value of continuous monitoring. 83% of firms said more frequent or continuous monitoring of their vendors’ cybersecurity posture would be very to extremely valuable.
• Continuous monitoring is more than an annual survey. 49% of firms believe a key benefit of better third-party cyber risk management is improved vendor communication.
• Firms are making the connection between continuous monitoring and improved security. 51% of firms believe a key benefit of third-party cyber risk management is improving collaboration to remediate security issues.