Vendors are Responsible for Almost Half of All Data Breaches


The latest data from a survey of 600 SpiceWorks IT and Security professionals shows that vendor users aren’t doing their part to keep your organization’s data safe.

If your organization relies on vendors as part of your operations, it’s likely that some portion of your sensitive data may need to be placed into their hands. The expectation would be (of course) that the vendor will take as much care around securing the data as you would. But a recent survey commissioned by eSentire, shows vendors are putting your organization at risk more than you’d like.

According to the survey data, almost half of organizations surveyed experienced a significant breach caused by a vendor. This, despite nearly two-thirds of organizations having some form of formalized third-party security policies.

Of the breaches, two specific trends emerged:

  • In 50% of breaches, malware was involved
  • In 26% of breaches, human error and stolen passwords were involved

In both of these cases, a human is involved. Remember, malware doesn’t install itself; users need to click a link or open an attachment to help malware along. And stolen passwords occur either due to bad practices around protecting them from others, or are a result of a cybercriminal gaining admin-level control over an endpoint (see malware above…).

So, vendors, like your own organization, have a user problem. Users aren’t security-savvy, aren’t protection-minded, and aren’t attack-conscious. All organizations interacting with your critical data (and that includes your org) need to mandate users continually taking Security Awareness Training to educate users around security and password best practices, cyberattack methods, and how to elevate their own sense of security as part of doing their job.

Your Supply Chain Is A Massive Risk. How Do You Mitigate This?

Using third party vendors helps you increase efficiencies but also introduces risk into your organization. Confirming the Spiceworks research mentioned before, Ponemon Institute’s 2018 “Data Risk in the Third-Party Ecosystem” study, 59% of orgs experienced a data breach caused by a third-party vendor.

So you have to make sure that your vendors use best-in-class security practices, and we are excited to announce we have expanded our new KCM GRC product with the new Vendor Risk Management module. KCM GRC now includes four modules:

  1. Compliance,
  2. Policy,
  3. Risk and
  4. Vendor Risk.

Now, you can effectively and efficiently manage risk and compliance within your organization and across your third-party vendors, while gaining insight into gaps within your security program.

The Problem

You have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments including third-party vendors is a continuous problem.

Big, complex GRC platforms are expensive, take forever to deploy, and need 2 people with wrenches to keep them going. Meanwhile, your compliance, risk, and audit projects are piling up because of the lack of resources. Your organization does not need overly complex workflows, but somehow GRC vendors think “complex is good” and expensive.

Specific GRC Problems that IT Teams Face:

  • Challenging compliance requirements
  • Not enough time to get audits done
  • Keeping up with risk assessments
  • Vetting and managing vendors to mitigate third-party risk
  • Lack of resources
  • No easy-to-use tools
  • The Problem Related to Vendor Risk Management

59% Experienced A Data Breach Caused By A Third-Party Vendor

With more than half of all breaches originating through vendors, effectively mitigating your third-party risk is crucial. We know that managing your vendors has become difficult to do without a centralized platform and a defined process that gives you visibility into the tasks and controls that need to be addressed by your vendors.

Without an easy and affordable platform to manage risks related to your vendors these are some of the pain points we’ve heard from you:

  • Traditional spreadsheets make it hard to keep track of all your vendors and data
  • You have no easy view into your vendors’ strengths and weaknesses without manual effort
  • There is limited time and lack of resources to assess vendors
  • No consistent or standard process for assessment of vendors
  • Difficult to monitor your vendors’ risk
  • You need a better way to understand which vendors have access to certain data
  • Being able to efficiently handle vendor offboarding questionnaires

Managing This Problem

The KCM GRC platform was developed to save you the maximum amount of time getting GRC done. Old-school GRC offerings require many months of
implementation and high consulting hours to stand up. KCM GRC has a simple, intuitive user interface, easy to understand workflows, a short learning curve, and will be fully functional in a matter of days.

In half the time and half the cost, with KCM GRC you can efficiently manage compliance and risk initiatives, vet and manage third-party risk, and understand at a glance what items need to be addressed.

Get Your Audits Done In Half The Time At Half The Cost

When your next audit comes up, are you thinking: “UGH, is it that time again?” It does not have to be that way! With KnowBe4’s KCM you can manage your compliance and risk projects and vet and monitor your third-party vendors faster than ever. KCM is a surprisingly affordable Governance, Risk and Compliance (GRC) SaaS platform that will get your audits done in half the time!

Special Sales Promotion

A special limited time upgrade offer with a discount to get our Platinum Subscription Level at 20% off*. With an upgrade to Platinum, you can now add the new Vendor Risk Management module to your platform.

Get A First Look At The New Vendor Risk Management Module.

Watch this 8-minute on-demand product demonstration for a first look at the new Vendor Risk Management module. See how you can simplify the challenges of managing your compliance requirements and ease your burden when it’s time for risk assessments and audits. See it here:


Request a Demo of KCM GRC

The new KCM GRC platform helps you get your audits done in half the time, is easy to use, and is surprisingly affordable. No more: "UGH, is it that time again!" 

products-KCM2-2With KCM GRC you can:

  • Reduce the amount of time and money required to easily manage your compliance, risk, and audit requirements
  • Automate reminders so you can quickly see what tasks have been completed, not met, and are past due
  • Simplify risk management with an intuitive interface simple workflow based on NIST 800-30.
  • Efficiently manage your third-party vendor risk requirements
  • Quickly implement compliance and risk assessment processes using KnowBe4's pre-built requirements and assessment templates

Request Your Demo

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews