Skip to main content
The Actuary: The magazine of the Institute and Faculty of Actuaries - return to the homepage Logo of The Actuary website
  • Search
  • Visit The Actuary Magazine on Facebook
  • Visit The Actuary Magazine on LinkedIn
  • Visit @TheActuaryMag on Twitter
Visit the website of the Institute and Faculty of Actuaries Logo of the Institute and Faculty of Actuaries

Main navigation

  • News
  • Features
    • General Features
    • Interviews
    • Students
    • Opinion
  • Topics
  • Knowledge
    • Business Skills
    • Careers
    • Events
    • Predictions by The Actuary
    • Whitepapers
    • Moody's - Climate Risk Insurers series
    • Webinars
    • Podcasts
  • Jobs
  • IFoA
    • CEO Comment
    • IFoA News
    • People & Social News
    • President Comment
  • Archive
Quick links:
  • Home
  • Sections
  • News

Third-party cyber risks a 'glaring blind spot' for most companies, PwC finds

Open-access content Wednesday 13th October 2021
Third-party cyber risks a 'glaring blind spot' for most companies, PwC finds

The majority of large companies worldwide do not have a handle on third-party cyber risks in their supply chains, research by PricewaterhouseCoopers (PwC) has uncovered.

After surveying 3,600 C-suite executives, the researchers found that 60% do not have a thorough understanding of the risk of data breaches via third parties, while 20% have little or no understanding of the threat at all.

Notably, 56% of respondents said their organisations expect a rise in breaches through their software supply chain, yet only 34% have formally assessed their exposure to this risk. Similarly, 58% expect a jump in attacks on their cloud services, but only 37% understand these risks.

PwC said that third-party cyber risks are a “glaring blind spot” in an environment where 60% of the C-suite respondents anticipate an increase in cybercrime next year.

Sean Joyce, global and US cyber security and privacy leader at PwC US, said that organisations can be vulnerable to an attack even when their own cyber defences are good, adding: “A sophisticated attacker searches for the weakest link – sometimes through the organisation’s suppliers. 

“Gaining visibility and managing your organisation’s web of third-party relationships and dependencies is a must. Yet, in our research, fewer than half of respondents say they have responded to the escalating threats that complex business ecosystems pose.”

Of the C-suite executives who took part in the survey, 62% were from companies with $1bn (£0.7bn) and above in revenues, while 33% were at organisations with $10bn or more in revenues.

Auditing or verifying suppliers’ compliance, sharing information with third parties or helping them improve their cyber stance in another way, and addressing cost- or time-related challenges to cyber resilience, where the most common ways that respondents had tried to minimise third-party risks.

But a majority had not refined their third-party criteria or rewritten contracts, nor increased the rigour of their due diligence to identify third-party threats.

The research also found that companies with CEO engagement in setting and achieving cyber goals were far more likely to have seen progress in their cyber security outcomes.

“The most advanced organisations see cyber security as more than defence and controls, but as a means to drive sustained business outcomes and build trust with their customers,” Joyce continued.

“As leaders of organisations, CEOs set the tone for focusing their cyber teams on bigger-picture, growth-related objectives rather than narrower, short-term expectations.”
 

Image credit: iStock

Author: Chris Seekings

You may also be interested in...

InsurTech investment passes $10bn threshold for first time

InsurTech investment passes $10bn threshold for first time

Insurance technology start-ups have attracted more than $10bn (£7.3bn) of investment for the first time in any one year on record, with three months still left to go.
Wednesday 27th October 2021
Open-access content
Cyber security tops ranking of organisational risks for 2022

Cyber security tops ranking of organisational risks for 2022

Cyber security is the number one threat facing organisations in 2022, with climate change also a growing risk, research by the Chartered Institute of Internal Auditors (Chartered IIA) suggests.
Tuesday 28th September 2021
Open-access content
World's largest money managers see assets hit new record high

World's largest money managers see assets hit new record high

The world's 500 largest money managers have seen their assets grow to a new record high, despite challenges brought on by COVID-19, analysis by the Thinking Ahead Institute has found.
Tuesday 19th October 2021
Open-access content
TCFD sees record growth in climate disclosures

TCFD sees record growth in climate disclosures

The number of companies reporting in line with recommendations from the Task Force on Climate-related Financial Disclosures (TCFD) increased more between 2019 and 2020 than in any other year.
Wednesday 20th October 2021
Open-access content
Commercial insurance prices increase 15% worldwide

Commercial insurance prices increase 15% worldwide

Global commercial insurance prices increased by 15% in the third quarter of 2021, driven by substantial growth in cyber insurance rates, research by Marsh has found.
Wednesday 27th October 2021
Open-access content
Asset managers make significant progress on ESG efforts

Asset managers make significant progress on ESG efforts

Responsible investment (RI) policies have become the norm for asset managers worldwide, with the majority also now linking remuneration with sustainability risks.
Wednesday 29th September 2021
Open-access content
Filed in
News
Topics
Technology
Global
Share
  • Twitter
  • Facebook
  • Linked in
  • Mail
  • Print

Latest Jobs

Senior Reserving Analyst

London (City of)
Negotiable
Reference
149485

Senior GI Modeler - Capital and Planning

London (Central)
£ excellent
Reference
149436

Risk Oversight Manager

Flexible / hybrid with a minimum of 2 days per week office-based
£ excellent
Reference
149435
See all jobs »
 
 

Today's top reads

 
 

Sign up to our newsletter

News, jobs and updates

Sign up

Subscribe to The Actuary

Receive the print edition straight to your door

Subscribe
Spread-iPad-slantB-june.png

Topics

  • Data Science
  • Investment
  • Risk & ERM
  • Pensions
  • Environment
  • Soft skills
  • General Insurance
  • Regulation Standards
  • Health care
  • Technology
  • Reinsurance
  • Global
  • Life insurance
​
FOLLOW US
The Actuary on LinkedIn
@TheActuaryMag on Twitter
Facebook: The Actuary Magazine
CONTACT US
The Actuary
Tel: (+44) 020 7880 6200
​

IFoA

About IFoA
Become an actuary
IFoA Events
About membership

Information

Privacy Policy
Terms & Conditions
Cookie Policy
Think Green

Get in touch

Contact us
Advertise with us
Subscribe to The Actuary Magazine
Contribute

The Actuary Jobs

Actuarial job search
Pensions jobs
General insurance jobs
Solvency II jobs

© 2023 The Actuary. The Actuary is published on behalf of the Institute and Faculty of Actuaries by Redactive Publishing Limited. All rights reserved. Reproduction of any part is not allowed without written permission.

Redactive Media Group Ltd, 71-75 Shelton Street, London WC2H 9JQ