Companies Worry Third Parties Won't Reveal Sensitive Data Breaches, Survey Finds
Thirty-seven percent of U.S. businesses lack confidence that their third-party vendors would inform them if a data breach involving sensitive information occurred, said a Ponemon Institute Web-based survey commissioned by law firm BuckleySandler and Treliant Risk Advisors. Ponemon surveyed 598…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
people in various industries, and involved companies that had a vendor data risk management program. "The study reveals the difficulty companies have in mitigating, detecting and minimizing risks associated with third parties that have access to their sensitive or confidential information," the survey said. It found that 73 percent of respondents didn't believe indirect service providers or subcontractors hired by a third-party vendor would notify companies of a data breach. "The risk to strategic data assets extends beyond any single third-party but rather to the web of relationships that comprise the data ecosystem," BuckleySandler Managing Director Rena Mears said in a Monday news release. Companies worry about data safeguards, security policies and procedures implemented by third parties, but the survey said that companies "rarely" perform reviews of vendor management policies and programs involving data risk. "Companies should compile a comprehensive inventory of and conduct data and privacy risk assessments for all third-party vendors; however, we found that few companies represented in this research, in particular those outside the regulated banking sector, have done so," Treliant Chief Business Officer Susanna Tisa said.