Research by EMA and ProcessUnity Proves Positive Business Value of a Risk-Based Approach to Cybersecurity
Data from CyberGRX Exchange reveals upward trend of companies tracking portfolio-wide third-party risks and control gaps
ProcessUnity and CyberGRX, providers of comprehensive end-to-end cybersecurity and third-party risk management solutions to leading enterprises, released a research report conducted by Enterprise Management Associates (EMA) titled ‘The Transformation of Cybersecurity from Cost Center to Business Enabler.’ The report focuses on the paradigm shift that is reshaping the way organizations approach cybersecurity, especially from a third-party risk management (TPRM) lens.
“I believe a modern TPRM strategy will take companies on a path to enlightenment,” said Christopher M. Steffen, CISSP, CISA, Vice President of Research at EMA. “The increasing reliance on external partners, vendors, and suppliers to perform critical functions and provide essential services bestows great rewards, but also great cyber risks. It is imperative that businesses start looking across their portfolio to proactively identify and manage the risks posed by third parties. Our analysis reinforces that modern TPRM has the potential to drive growth, foster innovation, and instill a culture of cybersecurity awareness across all levels of organizations.”
The published research examines the current state of cybersecurity and the need to build a convincing case for adopting a risk-based approach to cybersecurity, and discusses how TPRM is the future of cybersecurity strategy. Key findings include:
- Over 60% of individuals surveyed noted their organization experienced a cyber incident linked to a third party. This number jumps to nearly 80% when respondents were asked if their organization experienced a cyber incident of any kind. Traditional cybersecurity practices concentrate on protecting the organization’s internal networks and systems. However, this limited scope fails to address potential risks that may originate from third-party relationships, leaving critical security gaps.
- 64% of those surveyed stated that TPRM was viewed as an organizational strategic imperative by their boards of directors and executive teams. Organizational leaders are recognizing that TPRM is critical, and not just another IT project. However, to be successful, efforts need to align with the broader business goals. Adopting a TPRM approach can streamline and enhance various cybersecurity and procurement processes, more effectively allocate resources and reduce costs, and prioritize security efforts based on the potential impact on critical business functions and sensitive data.
- 88% of survey respondents cited having a CISO within their organization, but less than 50% report that their CISO presents risks and makes recommendations to the board of directors. Transforming the approach to cybersecurity cannot occur without also transforming the role of the CISO. A modern CISO must be able to champion cybersecurity as a business enabler and align security initiatives with overarching organizational goals, ultimately elevating their company’s overall security posture. This transformation will be driven, in part, by recent SEC rules that identify the security chief as a critical member of the business leadership.
“The findings of this report align with the activity we’ve seen within our customer base,” said Fred Kneip, President, ProcessUnity. “There have been significant increases in the month-over-month adoption rate of Portfolio Risk Findings since February and over 50% increases in new assessment shares and customer acceptance rates. TPRM’s transformational power is being realized now more than ever, and the emergence of artificial intelligence will continue to drive it forward. I’m encouraged by the direction enterprise executives, security leaders, and the broader community are headed. Forging this new path in cybersecurity will build operational and security resiliency.”