small-logo
ProfessionalsCapabilitiesInsights & NewsCareersLocations
About UsAlumniOpportunity & InclusionPro BonoCorporate Social Responsibility
Stay Connected:
facebookinstagramlinkedintwitteryoutube
  1. Privacy & Data Security

Blog

Survey: Third Party Data Breaches Are Increasing, Many Companies Not Prepared

  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page
  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page

Blog

Survey: Third Party Data Breaches Are Increasing, Many Companies Not Prepared

  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page

1 Min Read

Author

Steven Grimes

Related Locations

Chicago

Related Topics

Data Breach

Related Capabilities

Privacy & Data Security
Trade Secrets, Non Competes & Restrictive Covenants

Related Regions

North America

December 5, 2018

In November 2018, Ponemon Institute released a report on Data Risk in the Third Party Ecosystem based on a survey of 1,038 IT and IT security practitioners in the U.S. and UK. Their report focused on challenges companies face when sharing confidential or sensitive information with third parties, noting that companies are increasing the number of third parties with whom they share data, and that data breaches involving third parties are increasing year-over-year.

Ponemon found that “[i]n high performing organizations, third party governance is a priority with sufficient resources allocated,” though concluded that “[i]n many organizations, managing outsourced relationship risk is not a priority.” Among other things, the survey found the following:

  • 59% of respondents confirmed that their organizations had experienced a data breach caused by a third party.
  • Few companies (34%) maintain a comprehensive inventory of all third parties who receive the company’s sensitive and confidential information.
  • Only 35% of respondents rated their organization’s third party risk management program as highly-effective, and only 39% indicated that they regularly report to the board of directors regarding the effectiveness of their program.
  • Only 42% of respondents said their organizations frequently assess third parties’ programs and policies to ensure they meet changing risks and regulations, and 54% said they do not monitor the privacy and security practices of their third party vendors.

TIP: As third parties increasingly handle company data, companies need to proactively implement strategies and protocols to manage this risk as part of their information security and trade secret protection plans.

Related Professionals

Related Professionals

Steven Grimes

Steven Grimes

This entry has been created for information and planning purposes. It is not intended to be, nor should it be substituted for, legal advice, which turns on specific facts.

Logo
facebookinstagramlinkedintwitteryoutube

Copyright © 2025. Winston & Strawn LLP

AlumniCorporate Transparency Act Task ForceDEI Compliance Task ForceEqual Rights AmendmentLaw GlossaryThe Oval UpdateWinston MinutePrivacy PolicyCookie PolicyFraud & Scam AlertsNoticesSubscribeAttorney Advertising