In this risk surface series, RiskRecon, a Mastercard Company, and Cyentia have worked to help third-party risk managers understand how to measure and manage risk. We’ve seen variation across industries and other slices. But not all firms are interchangeable. A payroll processor cannot be replaced with a janitorial supply company, at least not with good business outcomes! In this report, we look at what distinguishes top-performing firms from those that struggle the most. Armed with this knowledge, Third-Party Risk Management (TPRM) professionals can take into account the totality of their risk surface, and how it impacts the overall security performance of an organization

The 2023 Global Digital Trust Insights in a survey of 3.522 business, technology, and security executives (CEOs, corporate directors, CFOs, CISOs, CIOs, and C-Suite officers) conducted in July and August 2022. Female executives make up 31% of the sample. Fifty-two percent of respondents are executives in large companies; 16% are in companies with $10 billion or more in revenues.

In the summer and fall of 2019, EY surveyed 246 global institutions that had a third-party risk management (TPRM) function in various sectors, including but not limited to, retail and commercial banking, investment banking, insurance, advanced manufacturing and mobility, technology, media and entertainment, power and utilities, and health.

For our seventh annual survey, Venminder surveyed individuals from a wide variety of organizations and industries, including financial services, fintech, retail, food services, insurance, healthcare, information technology, and more in a nice balance of different sizes ranging from less than $1B assets of less than 100 employees to more than $10B assets or more than 5,000 employees.

In its 8th edition this year, the 2023 “Open Source Security and Risk Analysis” (OSSRA) report delivers our annual in-depth look at the current state of open source security, compliance, licensing, and code quality risks in commercial software. We share these findings with the goal of helping security, legal, risk, and development team better understand the open source security and license risk landscape.

In this Director Sentiment Monitor for Q4 2022, 41% of respondents told us their primary organization has experienced a cyber attack. Interestingly, 36% of respondents said their primary organization had cyber security as a standing item at all board meeting, while 27% said it was discussed quarterly. Among other findings, it is also encouraging that 81% of respondents said their primary organization has a cyber security response plan in place.

This report offers an in-depth examination of the underlying condition that enables such incidents to take place-the widespread interdependence of modern digital supply chains. We analyzed data from over 230,000 organizations to investigate the prevalence of security incidents among third parties. We then measure the extent of vendor relationships and explore the effects of that exposure. Finally, we compare the security posture of organizations to that of their third and fourth-parties to yield data-driven insights on how to identify risky vendors and better manage exposure.

The World Economic Forum’s Global Cybersecurity Outlook 2023, in collaboration with Accenture, examines the cybersecurity trends that will impact our economies and societies in the year to come.

The Global Cybersecurity Outlook flagship report identifies the trends and analyzes the near-term future cybersecurity challenges. The accelerated shift to remote working during the COVID-19 pandemic coupled the recent high-profile cyberattacks have resulted in bringing cybersecurity top of mind among key decision-makers in organizations and nations.

The objective of this report is to reflect on the different vulnerability management phases and their current maturity and trends through a cumulative dashboard view of the United VRM SaaS solution, anonymously accumulating vulnerability and asset data from January 2019 to present date. These cumulative views will reveal trends and considerations about vulnerability management practices and overall program maturity.

In this years report, we’ll focus attention on how organizations are moving past problem identification and mitigating cyber risk challenges within supply chain vendors. We’ll also explore the challenges identified by this year’s respondents in establishing internal and third-party sourced functions and technologies for supply chain risk mitigation.

This report underscores the challenge facing corporate, government and not-for-profit debt issuers: rising cybersecurity incidents, higher costs to combat them, and an imbalance in the executive and risk management experience needed to manage them properly. In an ever-more-connected world, the risk of systemic attacks resulting in damaging financial and repetitional consequences keeps increasing.

The 2021 Identity and Access Management Report reveals the increasing importance of managing access as part of an organization’s overall risk management and security posture in the new normal of hybrid work locations. The report highlights what is and what is not working for security operations teams in securing access to sensitive data, systems, and applications.

The 2022 Vulnerability Management Report is based on a comprehensive survey of over 390 cybersecurity professionals in September 2022 to gain insights into the latest trends, key challenges and solutions preferences for vulnerability management.

The goal of this report is to offer a view on the state of compliance in today’s typical organization, including: the rate of noncompliance among a typical organization’s assets, the compliance standards that are hardest for organizations to adhere to, how well compliance tracks against the overall risk surface and the most common security controls causing non-compliance.

This report summarizes our findings and provides a resource for benchmarking an organization’s approach to risk oversight against current practices. In addition to highlighting key findings for the full sample of 560 respondents, we also separately report many of the key findings for the following subgroups of respondents: 152 large organizations (those with revenues greater than $1 billion), 129 publicly traded companies, 151 financial services entities and 156 not-for-profit organizations.

This study offers the kind of insights CISOs have long been asking for - to benchmark their situation and experience against others; to learn from what their peers are doing and planning to do ; and to validate ideas and obtain solid data to justify investments in these areas.

The goal of the study was to provide a state-of-the-market on third-party risk with actionable recommendations that organizations can take to grow and mature their programs across every stage of the third-party risk lifecycle.

Between February and March 2022, Prevalent conducted a study on current trends, challenges and initiatives impacting third-party risk management (TPRM) practitioners worldwide.

This report creates an overall picture of the cybersecurity capabilities of public power utilities. Moreover, it supports the previous year’s findings and provides a consistent approach for supporting DOE’s Multiyear Plan for Energy Sector Cybersecurity.

The pandemic has changed everything. What strategies are CISOs and other security leaders implementing to ensure their organizations are secure in today’s uncertain environment? This report contains the 8 trends worth following to more effectively mitigate human risk in 2022.