Half of IT professionals are not confident their suppliers have effective security measures in place to protect sensitive data, but many are not requiring suppliers to pass security audits and some even continue to do business with suppliers that fail security standards.
These were some of the key findings in a recent report from Tripwire, which provides IT operations solutions. Of the more than 320 IT professionals surveyed, 47% said they are not confident in their business partners’ security measures. However, the same share, 47%, do not require suppliers to pass security audits before signing a contract with them, and 25% do not evaluate their supply base to see if they are meeting security requirements. Additionally, 34% of these IT organizations use suppliers that fail to meet security standards, the survey showed.
Most IT organizations point to a lack of resources for not properly managing supplier security measures. Sixty-five percent of IT professionals said they did not have the resources to make sure suppliers meet the company’s security requirements. About a third said they “haven’t thought about it.”
The majority (81%) of IT professionals surveyed are confident in their own ability to keep sensitive customer data safe, but other findings show trust in their suppliers is lacking. This is despite the fact that 95% of respondents also said they believe a supplier security breach could expose valuable data. However, 61% of respondents also said they had bigger issues to focus on or were unconcerned such a breach would occur.
If a breach with a supplier did happen, survey respondents said customer confidence and brand image would be most impacted. Sixty-seven percent pointed to reduced customer confidence as the No. 1 impact should a breach occur with a supplier, and 83% said customer confidence would take a hit if a breach occurred internally within their organization. Fifty-nine percent pointed to brand damage in the event of a supplier data breach, and 77% identified this as a main concern should an internal breach occur.
Another report by the RAND Corporation suggests companies may not have to worry about brand damage after a data breach. About 25% of Americans surveyed said they had been told in the last year that their personal information was part of a data breach, yet just 11% of them stopped doing business with the hacked company. The survey also showed that 77% of consumers impacted by a business’s data breach were highly satisfied with the company’s response to the incident.
Still, a data breach could have devastating impacts on a company — take recent examples like the 2014 Target incident, which ended up impacting 40 million customers and costing the retailer millions in lawsuit settlements.
Human error within an organization is largely to blame for data breaches at companies, a new data breach report from Verizon shows. These errors, made by someone at an organization, include improperly disposing of company information, sending sensitive data to the wrong person, losing company assets like laptops or smartphones, and misconfiguring IT systems, the Verizon report said.