Topic

A third-party breach incident is the “most-likely” type of future cyber incident for more than 54% of evaluated publicly-traded organizations.

July 21, 2023

How Metrics Can De-Mystify Third-Party Cyber Risk

How Metrics Can De-Mystify Third-Party Cyber Risk

In an increasingly connected and networked corporate world, cyber risk generated by third parties is a growing concern for corporate boards and other stakeholders.

Applying the ISS ESG Cyber Risk Score’s Incident Type Likelihood model, ISS Corporate Solutions found that a third-party breach is the “most-likely” type of future cyber incident to impact organizations when compared to all other incident types.

Third-party cyber risk is notoriously difficult to manage, given the limits of what companies know about all their suppliers and partners. Fortunately, the growing sophistication of third-party risk management as a discipline and tools such as the Incident Type Likelihood model can help companies predict both the source and the type of future cyber incidents.

Our research using the ISS ESG model shows that the most likely type of attack varies widely, depending on factors such as sector and company size. For example, large companies are much more likely to experience a third-party attack than small ones, and heath care businesses are more likely to face a ransom/malware attack than companies in the energy and construction sectors.

Read the full report here.


Authored by:
Douglas Clare, Managing Director, Cyber Strategy, ISS Corporate Solutions

Share this
Get WEEKLY email ALERTS ON THE LATEST ISS INSIGHTS.