
Gartner: 4 action items to reduce 3rd-party cybersecurity risks

by FutureIoT Editors
December 15, 2023
Photo by Anna Nekrashevich: https://www.pexels.com/photo/marketing-businessman-person-hands-6801647/

In a recent Gartner survey, 45% of organisations experienced third-party-related business interruptions. This is despite the increased investments in third-party cybersecurity risk management (TPCRM) over the last two years.

Zachary Smith

“Third-party cybersecurity risk management is often resource-intensive, overly process-oriented and has little to show for in terms of results,” said Zachary Smith, Sr principal research at Gartner. “Cybersecurity teams struggle to build resilience against third party-related disruptions and to influence third party-related business decisions.”

Effective TPCRM depends on delivery of three outcomes

Successful management of third-party cybersecurity risk depends on the security organisation’s ability to deliver three outcomes – resource efficiency, risk management resilience and influence on business decision-making. However, enterprises struggle to be effective in two out of those three outcomes, and only 6% of organisations are effective in all three (see Fig. 1).

Figure 1. Security organisations’ ability to deliver on three outcomes for effective TPCRM

Source: Gartner (December 2023)

Four actions to manage third-party cybersecurity risks

Based on the survey findings, Gartner identified four actions that security and risk management leaders must take to increase their effectiveness in managing third-party cybersecurity risk. The survey found that organisations that implemented any of these actions saw a 40-50% increase in TPCRM effectiveness.

These actions include:

Regularly review how effectively third-party risks are communicated to the business owner of the third-party relationship: Chief information security officers (CISOs) need to regularly review how well the business understands their messaging around third-party risks to ensure they are providing actionable insights around those risks.

Track third-party contract decisions to help manage risk acceptance by business owners: Business owners will often choose to engage with a third party even if they are well-informed about associated cybersecurity risks. Tracking decisions helps security teams align compensating controls for risk acceptances and alerts security teams to particularly risky business owners that may require greater cybersecurity oversight.

Conduct third-party incident response planning (e.g., playbooks, tabletop exercises): Effective TPCRM goes beyond identifying and reporting cybersecurity risks. CISOs must ensure the organisation has strong contingency plans in place to prepare for unexpected scenarios and to be able to recover well in the wake of an incident.

Work with critical third parties to mature their security risk management practices as necessary: In a hyperconnected environment, a critical third party’s risk is also an organisation’s risk. Partnering with critical third parties to improve their security risk management practices helps promote transparency and collaboration.
