Between February and March 2022, Prevalent conducted a study on current trends, challenges and initiatives impacting third-party risk management (TPRM) practitioners worldwide.

A continued look at “ripple events” - multi-party security events - examining the size and frequency of these events, firmographics, as well as the velocity of spread of such events.

Using RiskRecon’s assessment information, explanatory models are built to demonstrate the value of technical information in predicting measures of risk at varying levels of greater technical insight.

A survey of 200 global security professionals as to their opinions, responses, and outlook of the Solarwinds software chain compromise.

A deep dive into the nature of the finance sector’s public risk surface. Reviewing subsectors of the finance ecosystem, including supply chains.

A survey-driven report of over 150 third-party risk practitioners to understand the challenges facing their programs, the actions those professionals are taking to address the challenges, and identify success factors.

A deep dive into the nature of the healthcare sector’s public risk surface. Reviewing subsectors of the healthcare ecosystem, including supply chains.

A survey of over 1,500 CIOs, CISO, and Chief Procurement Officers on their concerns and actions for supply chain management. This is a US specific version of the main report.

Using RiskRecon’s telemetry of the public risk surface of thousands of organizations, this report takes a look at services which are commonly viewed as unsafe. The prevalence and co-occurrence of these services is used as a indicator of other hygiene and risk indicators at firms.

A deep dive into the state of deploying the latest TLS version (v1.2) and the use of this signal for correlating with broader public-facing risk surfaces and characteristics of firms.

This report from Forrester goes into the state of application security for 2020, detailing changes in the external attack methods, and changes companies should make to their application security efforts.

Uses survey-based polling to identify common challenges organizations face in managing third part risk management (TPRM) programs. Also provides analysis on some possible ways of addressing these concerns.

Using breach data from Advisen, this report defines ripple effects of breaches as the impacts on companies more than one degree of separation from the company directly affected by the breach. As vendor relationships are both broad and deep, a breach in any one company in a network can have distant effects on companies not directly related. The implications upon third party risk management are explored.

The goal of the study was to provide a state-of-the-market on third-party risk with actionable recommendations that organizations can take to grow and mature their programs.

This is a study on third party risk from Gartner. It covers how third party risks are changing, how companies are managing third party risks, and taking an iterative approach to third party risks.

A survey conducted by Advisen covering changes since last years survey, including a more than 70 percent satisfactionrate reported by respondents who havehad a cyber claim which either resulted ineconomic damage or business interruption.

This report goes in depth into the state of Internet security, including how companies are storing data, orgation’s internet surface areas, and where exposures exist the most.

This publication looks into the safety of cloud and on-prem environments.

CyberGRX and Ponemon Institute surveyed over 600 IT security professionals to learn more about the cost and efficacy of the tools and processes used to conduct third-party cyber risk management today. The survey respondents come from a variety of industries and are all involved in managing their organizations’ third-party cyber risk management programs (TPCRM). All organizations represented in the study have TPCRM programs and believe it is critical to have cybersecurity risk management controls in place

This report offers insight into the need for a cyber risk ratings system.

The Internet of Things: A New Era of Third Party Risk was sponsored by Shared Assessments and conducted by Ponemon Institute to understand organizations’ level of awareness and preparedness for the upcoming enterprise IoT wave. We hope the research findings will help organizations address the risks associated with the proliferation of IoT devices. We surveyed 553 individuals who have a role in the risk management process and are familiar with the use of IoT devices in their organizations.