Today the Cyentia Institute published “Ripples Across the Risk Surface,” an in-depth study sponsored by RiskRecon that analyzes more than 800 cyber incidents and their impact on multiple downstream organizations. According to the study, multi-party loss events that impact thousands of downstream organizations, otherwise known as “ripple events,” result in 13X larger financial loss than traditional single-party incidents. The objective of this first-of-its-kind study is to raise market awareness of how heavily organizations depend on other organizations, and of the ripple effect that grows by an order of magnitude beyond the single data loss event.
“Media headlines continue to fixate on the number of records breached within a single organization, but they rarely tell the full story,” said Kelly White, CEO and co-founder of RiskRecon. “Most breach research doesn’t explain the downstream impact of ripple events and that these incidents no longer simply impact a single organization. Together, Cyentia and RiskRecon are exposing an often-overlooked pattern: lacking proper third-party risk controls can contaminate the entire enterprise ecosystem where sensitive data is stored and shared.”
Cyentia Institute used the Advisen cyber loss database for an objective view into historical data comprising more than 90,000 cyber events. Of those events, Cyentia found that since 2008, more than 800 cyber incidents involved at least three organizations. Across these approximately 800 multi-party incidents, a total of 5,437 downstream loss events occurred (i.e., organizations other than the primary victim that were impacted by the incident). In fact, downstream entities affected by multi-party incidents outnumber primary victims by 850%. Based on this historical insight, multi-party incidents are projected to continue increasing overall at an average rate of 20% per year.
Cyentia Institute analyzed which industries are most severely impacted by ripple events using the North American Industry Classification System (NAICS). Based on this data, the sectors that hold the highest concentration of personal data and information (credit bureaus, banks, collection agencies and hotels) account for nearly 60% of all organizations generating ripple effects. These same industries also typically have large digital footprints and often maintain extensive third-party relationships.
“As an industry, we’ve waited far too long to address the interconnected nature of today’s risk landscape,” said Wade Baker, founder of Cyentia Institute. “The startling truth from the data is that complex digital ecosystems fuel the kind of cyber incidents that send dangerous ripple effects across numerous organizations. Together with RiskRecon, we hope that our study looking at the increasing rate and severity of multi-party data loss events will instill an immediate response to improving the way we manage risk across every facet of business.”
To download the full report “Ripples Across the Risk Surface,” visit: https://www.riskrecon.com/ripples-across-the-risk-surface
About Cyentia Institute
Cyentia Institute is a Virginia-based cybersecurity research services firm. We deliver high-integrity, high-quality, data-driven research that provides security companies with meaningful marketing content to build mindshare, drive sales, and attain greater visibility in competitive markets. In doing so, we seek to advance cybersecurity knowledge and practice for the community at large. In addition, we curate and publish a library of cybersecurity research and reporting which serves as a vital reference for security decision makers and practitioners worldwide.
About RiskRecon
RiskRecon is the only continuous vendor monitoring solution that delivers risk-prioritized action plans custom-tuned to match your risk priorities, providing the world’s easiest path to understanding and acting on third-party cyber risk. Partner with RiskRecon to build your scalable, third-party risk management program to efficiently realize dramatically better risk outcomes. To learn more about RiskRecon’s approach, request a demo or visit the website at www.riskrecon.com.