Disruptions from cyber attacks increasing, taking longer to fix
Cyber attack disruptions are increasing, and it’s taking organizations longer to fix the underlying issues, according to a new report from global consulting firm Protiviti and the Shared Assessments Program, a member-driven organization of risk assurance providers. Among the areas they need to focus on: vendor risk management (VRM) practices and programs.
For the research, the firms surveyed 554 risk management practitioners and C-suite executives worldwide in an online survey conducted in the fourth quarter of 2018. Survey results show that VRM programs in the technology and insurance/healthcare payer sectors have achieved the greatest levels of program maturity overall.
However, no sector reported more than 50 percent of respondents at a mature level with regard to managing vendor risk.
The overall maturity of VRM programs is virtually unchanged in the face of an increasingly challenging external risk and regulatory environment, the report said. Maturity rates overall are at or near a 3.0 out of 5.0 level.
“The threat landscape is evolving daily, and new risk vectors—from nation state bad actors, data thefts and high-impact cyber attacks to business model viability and regulatory non-compliance—are making comprehensive vendor risk management programs all the more crucial to organizational stability and continuity,” said Paul Kooney, a managing director in Protiviti’s security and privacy practice.
A strong correlation exists between engagement at the board of directors level and VRM program maturity, with 57 percent of organizations reporting high levels of board engagement also reporting fully functional and advanced VRM programs.
Continuous monitoring, an important aspect of VRM program maturity, lags across all sectors, the report said. Only 38 percent of respondents report that their organizations have controls in place to ensure ongoing monitoring of vendor relationships.