

The July 2021 edition of Spotlight explored third-party risk. Today, we will add to that theme with BlueVoyant’s newly released report on third-party risk. The interesting insight: third-party cyber risk is even more important than we thought.


  • Cybersecurity firm BlueVoyant conducted a survey-based market study with 1,200 CISOs and chief procurement officers responsible for supply chain
  • The report suggests that companies are investing heavily in cybersecurity, but many hesitate to make third-party risk a strategic priority
  • BlueVoyant’s report highlights daunting statistics:
    • 93% of companies suffered from a cyber breach as a result of a weakness in their supply chain
    • 97% of companies experienced negative impacts from a cybersecurity breach in their supply chain
    • The number of breaches companies experience grows annually by 37%
  • However, it is not all doom and gloom. The report observed positive developments: fewer companies completely ignore third-party risk (13%), and the average budget allocated to third-party risk increases every year
  • So what can be done about the problem of third-party risk? The report highlights four focus areas:

1. Gain visibility into the supply chain

2. Decide who owns third-party risk

3. Integrate continuous supply chain monitoring with appropriate reporting to the board and senior executives

4. Improve cybersecurity education and training for vendors



Why does this matter for businesses?

  • The biggest and most devastating cyberattacks in history (Kaseya, SolarWinds, NotPetya) all fit into the category of third-party risk
  • Companies do not act in isolation. That makes them vulnerable to cyberattack. Third-party risk is likely becoming the defining cybersecurity challenge of our time.

