Kaspersky finds third party policies make it 3 times more likely for enterprises to receive compensation after supply-chain attacks

According to a survey of IT security leaders commissioned by Kaspersky, nearly three-quarters (71%) of enterprises who have specific data usage guidelines for partners and subcontractors received compensation after an incident that affected suppliers they share information with. In comparison, only 22% of organizations of the same size who do not have regulations in place reported the same feedback.

In order for subcontractors to fulfil their work obligations, organizations often allow them access to their sensitive data and IT assets. In fact, according to Gartner research, 71% of organizations have more third parties in their network presently than they had three years ago, and this number is expected to grow in the next three years.

Kaspersky’s IT Security Economics report revealed that 79% of enterprises have special policies in place explaining to partners and suppliers how to work with shared resources and data, as well as any penalties they may incur. According to the survey, damage from incidents is estimated to cost $2.57m on average, with data breaches among the three costliest problems faced by enterprises. For example, Kaspersky researchers have discovered a number of sophisticated supply chain attacks, including ShadowPad.

One of the main benefits of implementing third party policies is that they resolve issues around accountability by defining the areas of responsibility for both of the organizations involved. As a result, this increases the chances that a company will recieve compensation from a supplier that becomes an entry point for an attack. Additionally, having a policy in place boosts the likelihood of compensation amongst small to medium businesses (SMBs) with 68% of SMBs with policies in place reporting that they received money, compared to only 28% of those who did not implement rules for their subcontractors.    

“As the survey results highlight, it is important for organizations of all sizes to have data usage guidelines in place when working with third party partners,” said Andrey Pozhogin, senior product marketing manager, B2B product marketing at Kaspersky. “In doing so, organizations are able to ensure they will be compensated should they be affected by a data breach that did not occur through any fault of their own.”

For more information on the survey’s findings, the full report is available here.

About the Survey

The Kaspersky Global Corporate IT Security Risks Survey (ITSRS) is a global survey of IT business decision makers, which is now in its 9th year. A total of 4,958 interviews were conducted across 23 countries. Respondents were asked about the state of IT security within their organizations, the types of threats they face and the costs they have to deal with when recovering from attacks. The regions covered include LATAM (Latin America), Europe, North America, APAC (Asia-Pacific with China), Japan, Russia and META (Middle East, Turkey and Africa).

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.