How Continuous Third Party Monitoring Can Improve Information Security

Nick Gagalis | February 25, 2015

As cyber attacks via third parties become more commonplace, IT decision makers have put the spotlight on the cyber security of their vendors. According to data from a commissioned study conducted by Forrester Consulting on behalf of BitSight, IT departments at enterprises in the US, UK, France and Germany allocated 21% of their overall IT spending to third parties. That equates to over $270 billion annually in the US alone. The study details what IT professionals want and the capabilities they would like to have for managing cyber risk.

Point-in-time, subjective questionnaires are not sufficient for compliance with the new regulations requiring continuous monitoring of vendors, partners and other third parties. (The New York Department of Financial Services has frequently led the way on cybersecurity standards.)

It can be difficult to manage so many different partnerships, especially for companies with hundreds or thousands of vendors. Those considerations have forced IT decision makers to look for data-driven, automated solutions that can scale security performance management.

Current Tools Aren’t Enough to Effectively Manage Third Party Cyber Risks

While IT professionals acknowledge that they want to continuously manage the cyber risks in their network, the solutions they currently use don't give them that ability. According to the study, only 23% of organizations formally track threat intelligence practices monthly or more often.

The following graph shows which types of supplier-related risks IT professionals are most interested in tracking and managing. Almost two-thirds of surveyed professionals would like to have more data about the risk of losing critical company data and/or the threat of cyberattacks.

IT Seeks The Ability To Track Supplier Risk Metrics

The chart below shows the percentage of survey participants who believe continuous monitoring can help in the areas listed. More than half of the respondents think continuous monitoring will make it easier to identify and remediate threats, compare security postures of various companies and track industry trends.

Continuous Monitoring Is Seen As Beneficial To Critical Metrics


What other interesting data came out of the study?

Join us for a webinar on Thursday, February 26 at 11:30am EST to learn how continuous third party monitoring can help your company manage and mitigate cyber risks across your extended enterprise. During the discussion between Stephen Boyer and guest speaker, Forrester Research Senior Analyst Renee Murphy, you will learn:

  • Which industries stand to benefit most from using automated, objective information security data

  • Other findings from the study and their importance in the cybersecurity landscape

  • Specific use cases of continuous monitoring helping companies improve information security performance

Reserve your spot now.
