New Research Calls Out Today’s Vendor Risk Challenges

New ESG Report: “Intelligence-driven Vendor and Supplier Security Risk Management”

A recent study conducted by Enterprise Strategy Group (ESG), an IT research and strategy firm based in Milford, MA, looks in depth at the issue of third-party supplier and partner security. The new report discusses approaches to today’s vendor risk management challenges and emerging technology solutions for improving the discipline. Keeping pace with security risks based in the partner ecosystem is a major business challenge for CISOs, vendor risk managers, and IT professionals in large enterprises.

The growing number of third parties, and the volume of data breaches originating from these suppliers and partners, are widening the attack surface. ESG’s 2015 survey of 303 IT security professionals found the following data points, among many others:

  • 31% of respondents found that one or more of their IT suppliers have reported security breaches over the last few years.
  • 34% of organizations have experienced an increase in the number of external third parties with access to internal assets.




“CISOs are reacting to a complex vendor ecosystem and risk landscape by increasing their security budgets, recruiting staff, and purchasing the latest cybersecurity defenses,” wrote Jon Oltsik, Senior Principal Analyst at ESG, in the report. “These tactics, however, often miss risks that are under the surface since they reside in partner and supplier systems.”

Traditional vendor audits are based upon point-in-time technical information, often collected on a quarterly or annual basis. While regulations require due diligence, trying to keep pace with third-party risk once a year is not helping companies become more secure.

“Security risk today is incredibly dynamic and fast moving… It cannot be isolated to a single point-in-time answer given on a vendor questionnaire or one-time audit,” stated Dr. Aleksandr Yampolskiy, CEO & Co-founder of SecurityScorecard in a press release about the report. “Forward-looking organizations need a continuous and metrics-based view of security risk with real information depth in a context executives and board members can understand and easily digest, such as benchmark.”

Invite a Vendor Example

It is not enough to have a static security rating. SecurityScorecard gives its customers information depth with ten categories and factors, and allows its customers to share Scorecards directly with vendors to speed up the remediation process of known issues.

“To be truly actionable, enterprises need a multi-dimensional assessment approach across all key security risk factors like SecurityScorecard provides rather than a single-dimensional security rating,” stated ESG’s Oltsik in the report.

Learn why vendor risk is increasing, and how to use SecurityScorecard to help scale your vendor risk management.



