Skip to main content
The Actuary: The magazine of the Institute and Faculty of Actuaries - return to the homepage Logo of The Actuary website
  • Search
  • Visit The Actuary Magazine on Facebook
  • Visit The Actuary Magazine on LinkedIn
  • Visit @TheActuaryMag on Twitter
Visit the website of the Institute and Faculty of Actuaries Logo of the Institute and Faculty of Actuaries

Main navigation

  • News
  • Features
    • General Features
    • Interviews
    • Students
    • Opinion
  • Topics
  • Knowledge
    • Business Skills
    • Careers
    • Events
    • Predictions by The Actuary
    • Whitepapers
    • Moody's - Climate Risk Insurers series
    • Webinars
    • Podcasts
  • Jobs
  • IFoA
    • CEO Comment
    • IFoA News
    • People & Social News
    • President Comment
  • Archive
Quick links:
  • Home
  • Sections
  • News

Third-party cyber risks a 'glaring blind spot' for most companies, PwC finds

Open-access content Wednesday 13th October 2021
Third-party cyber risks a 'glaring blind spot' for most companies, PwC finds

The majority of large companies worldwide do not have a handle on third-party cyber risks in their supply chains, research by PricewaterhouseCoopers (PwC) has uncovered.

After surveying 3,600 C-suite executives, the researchers found that 60% do not have a thorough understanding of the risk of data breaches via third parties, while 20% have little or no understanding of the threat at all.

Notably, 56% of respondents said their organisations expect a rise in breaches through their software supply chain, yet only 34% have formally assessed their exposure to this risk. Similarly, 58% expect a jump in attacks on their cloud services, but only 37% understand these risks.

PwC said that third-party cyber risks are a “glaring blind spot” in an environment where 60% of the C-suite respondents anticipate an increase in cybercrime next year.

Sean Joyce, global and US cyber security and privacy leader at PwC US, said that organisations can be vulnerable to an attack even when their own cyber defences are good, adding: “A sophisticated attacker searches for the weakest link – sometimes through the organisation’s suppliers. 

“Gaining visibility and managing your organisation’s web of third-party relationships and dependencies is a must. Yet, in our research, fewer than half of respondents say they have responded to the escalating threats that complex business ecosystems pose.”

Of the C-suite executives who took part in the survey, 62% were from companies with $1bn (£0.7bn) and above in revenues, while 33% were at organisations with $10bn or more in revenues.

Auditing or verifying suppliers’ compliance, sharing information with third parties or helping them improve their cyber stance in another way, and addressing cost- or time-related challenges to cyber resilience, where the most common ways that respondents had tried to minimise third-party risks.

But a majority had not refined their third-party criteria or rewritten contracts, nor increased the rigour of their due diligence to identify third-party threats.

The research also found that companies with CEO engagement in setting and achieving cyber goals were far more likely to have seen progress in their cyber security outcomes.

“The most advanced organisations see cyber security as more than defence and controls, but as a means to drive sustained business outcomes and build trust with their customers,” Joyce continued.

“As leaders of organisations, CEOs set the tone for focusing their cyber teams on bigger-picture, growth-related objectives rather than narrower, short-term expectations.”
 

Image credit: iStock

Author: Chris Seekings

Filed in
News
Topics
Technology
Global

You might also like...

Share
  • Twitter
  • Facebook
  • Linked in
  • Mail
  • Print

Latest Jobs

Life Reinsurance – Client Manager/Senior Manager

London (Central)
£ excellent + bonus + benefits
Reference
143661

Life Actuarial Analyst

South East / hybrid with 3 days per week office-based
£ dependent upon experience
Reference
143660

Investment Associate Consultant

Flexible / hybrid
£ dependent upon experience
Reference
143659
See all jobs »
 
 

Today's top reads

 
 

Sign up to our newsletter

News, jobs and updates

Sign up

Subscribe to The Actuary

Receive the print edition straight to your door

Subscribe
Spread-iPad-slantB-june.png

Topics

  • Data Science
  • Investment
  • Risk & ERM
  • Pensions
  • Environment
  • Soft skills
  • General Insurance
  • Regulation Standards
  • Health care
  • Technology
  • Reinsurance
  • Global
  • Life insurance
​
FOLLOW US
The Actuary on LinkedIn
@TheActuaryMag on Twitter
Facebook: The Actuary Magazine
CONTACT US
The Actuary
Tel: (+44) 020 7880 6200
​

IFoA

About IFoA
Become an actuary
IFoA Events
About membership

Information

Privacy Policy
Terms & Conditions
Cookie Policy
Think Green

Get in touch

Contact us
Advertise with us
Subscribe to The Actuary Magazine
Contribute

The Actuary Jobs

Actuarial job search
Pensions jobs
General insurance jobs
Solvency II jobs

© 2023 The Actuary. The Actuary is published on behalf of the Institute and Faculty of Actuaries by Redactive Publishing Limited. All rights reserved. Reproduction of any part is not allowed without written permission.

Redactive Media Group Ltd, 71-75 Shelton Street, London WC2H 9JQ