A new survey by Cybertrust revealed today that while most businesses feel their partners increase their information security risk, less than half of these organizations actually assess their partners’ security.
Of the more than 200 organizations surveyed by Cybertrust, close to three-quarters felt that partners increased their levels of information security risk and 13 percent of these organizations have terminated a business partnership because of information security concerns.
But only about half of the respondents said they assessed their partners' information security systems. And even among these, very few actually required questionnaires or third-party audits.
"While organizations have evolved from isolated enterprises to highly collaborative networks of partners they continue to take the isolated approach when it comes to information security," said Peter Tippett, Cybertrust CTO. "While compliance mandates and security audits drive many security programs internal to an organization, they have yet to implement a programmatic way of assessing the security of their external networks, which includes partners. Without this awareness, organizations continue to leave themselves open to financial and legal risks, as well as brand implications."
According to the survey, 32 percent of respondents suffered at least one type of security incident involving business partners within the last year. Another 12 percent were unsure if they had suffered such an incident. Most prevalent among these incidents were malicious code infections.
Click here to reach West Coast Bureau Chief Ericka Chickowski.