Panorays, a prominent provider of third-party security risk management software, undertook its 2024 CISO Survey gathering insights from 200 CISOs to gain an understanding of their sentiments regarding third-party security management, AI-driven solutions, and the challenges they are currently facing. The study revealed that 94% of CISOs are concerned about third-party cybersecurity threats, with 17% of them ranking it as a top priority. However, only 3% of organizations have already implemented a third-party cyber risk management solution, while 33% are planning to do so in the coming year. In 2024, nearly two-thirds of CISOs expect the third-party cyber risk management budget to increase, with 40% anticipating a budget increase between 1-10%.
Matan Or-El, the Founder and CEO of Panorays, emphasized the importance of bridging the gap between awareness of third-party cybersecurity vulnerabilities and implementing proactive measures. Or-El noted that as AI technologies continue to evolve, bad actors will exploit these advancements for malicious purposes, posing risks such as data breaches and operational disruptions.
The survey revealed that CISOs at very large enterprises are more concerned about third-party cybersecurity threats compared to mid-size enterprises. While only 7% of CISOs reported being unconcerned, 34% are actively implementing a third-party cyber risk management solution. Additionally, 26% are planning to implement a new solution in 2025 or later, highlighting the current low adoption rate of third-party security solutions. Moreover, most organizations have teams comprising IT, risk, operations, privacy, back-office, or external service providers managing third-party cyber risk, with 79% of them consisting of 6 to 20 people.
Regarding AI-driven solutions, 80% of CISOs expressed confidence in their ability to prevent a significant number of breaches. Tools such as cyber questionnaires for third parties, compliance management tools, and API monitoring of third parties were rated as the most effective in reducing third-party threats.
The top challenge reported by CISOs for 2024 in third-party risk management was complying with new regulations for third-party risk management, followed by communicating the business influence of third-party risk management and the lack of resources to manage risk in the growing supply chain.
In choosing the right third-party cyber risk management solution, CISOs viewed risk quantification, receiving suggested remediation actions, threat intelligence, and integration with other systems as important capabilities. The study concludes the importance of addressing regulatory changes and escalating third-party cyber risks in 2024, despite resource constraints and the rising frequency of AI-related breaches.
The 2024 CISO Survey included a diverse sample of 200 CISOs from various industries such as financial services, technology, insurance, travel, hospitality, healthcare, and more. Panorays is a rapidly growing provider of third-party security risk management software, serving enterprise and mid-market customers primarily in North America, the UK, and the EU. Their platform has been adopted by leading banking, insurance, financial services, and healthcare organizations. Headquartered in New York and Israel, Panorays is funded by numerous international investors and is committed to addressing the evolving challenges of third-party cybersecurity. To learn more about Panorays, visit their website at www.panorays.com.