The Identity Blog

New SecZetta Survey: 83% of U.S. Adults Cite Increased Third-Party Access as Catalyst for Surge in Data Breaches

53% of U.S. adults lack confidence in the U.S. Government’s ability to thwart cyberattacks

Fall River, Mass., August 11, 2021 – A new survey from SecZetta, a leading provider of third-party identity risk solutions, of more than 2,000 U.S. adults revealed 83% of respondents agree that because organizations increasingly rely on contractors, freelancers, and other third-party workers, their data systems have become more vulnerable to cyberattacks. Further, 88% of U.S. adults say organizations and government entities must have better data security systems in place to protect them from the increase in third-party remote attacks. Of particular note, 53% of respondents lack confidence in the strength of the U.S. government’s infrastructure to protect the American people from cyberattacks.

Recent high-profile breaches, including SolarWinds, Colonial Pipeline, and JBS Foods, have exposed how vulnerable organizations are to cybercrime and, in particular, ransomware attacks. Of note with recent attacks is how data breaches can quickly affect aspects of everyday life, such as the ability to fill a car with gasoline or buy meat at the grocery store. To rebuild consumer trust, survey respondents say organizations must invest in advanced technology systems that help proactively reduce their risk of third party-perpetrated cyberattacks.

“The surge in high-profile cyberattacks in recent months has shown how seemingly easy it is for bad actors — whether human or bots — to infiltrate an organization’s data security infrastructure, creating chaos for the company and potential harm for consumers,” said David Pignolet, founder and CEO of SecZetta. “Many of these attacks originated through weaknesses in these organizations’ risk-based identity access and lifecycle strategies for non-employee populations.”

Safeguarding an organization from cybercrime has become vastly more difficult given how digitized, and correspondingly interconnected, the world has become. According to recent data from the Ponemon Institute, 51% of breaches are caused by a third party, and more than half of respondents admit their organizations are not evaluating the security and privacy practices of these third-party non-employees before granting them access to sensitive and confidential information and systems.

Key insights from SecZetta’s survey include:

Survey Respondents Believe Third Parties Increase the Risk of Cyberattacks

  • More than four in five U.S. adults (83%) cite increased reliance on third-party workers as a catalyst for the surge in data breaches.
  • 88% of respondents agree organizations must have a system in place to help mitigate the risk of third-party related cyberattacks, with more than half (54%) strongly agreeing.

Consumer Trust Varies Depending on the Industry

  • Survey results show U.S. adults believe some industries are better at mitigating cyberattacks than others, but none are doing particularly well. When asked how confident they are in the following industries’ infrastructure to protect against cyberattacks:
    • Fifty-three percent of U.S. adults lack confidence that the U.S. government has the best infrastructure in place to protect Americans from cyberattacks;
      • Those in the Northeast are more likely to say they’re confident in the government’s ability to thwart cyberattacks than those in the South, Midwest or West.
  • U.S. adults are least confident in the oil, gas and utilities industries, with only 45% saying they feel confident. Men were slightly more likely to say they were confident than women (48% vs. 43%).
  • Fifty-six percent of respondents express confidence that the healthcare and/or health insurance industries have the appropriate infrastructure in place to protect them from the impacts of cyberattacks.
  • Slightly more than half (52%) of U.S. adults feel confident in consumer-facing industries (i.e., financial services, retail) with men being slightly more confident than women (55% vs. 48%).

U.S. Adults Lack Confidence in Organizations’ Ability to Prevent Cyberattacks

  • More than three-quarters (78%) of U.S. adults believe it’s easy for cybercriminals to breach an organization.
  • Seventy-three percent of U.S. adults believe most organizations today lack good controls over who has access to their computer systems and/or data.
    • Of this group, those 55 years and older were more likely to agree with this statement.
  • More than half of U.S. adults (54%) express concern they and/or a family member will be directly impacted by a cyberattack on an organization with which they do business.
    • Of this group, those 30 years and older are more likely to be concerned, while men are slightly more concerned than women (57% vs. 51%).

Personal Financial Loss is of Deepest Concern to U.S. Adults

  • When asked which areas of their personal lives they feel are most vulnerable to a cyberattack, close to half of respondents (42%) cited the potential for personal financial impact from a cyberattack on an organization with which they have a relationship.
    • Of this group, those aged 30 and older are more concerned about experiencing financial loss, presumably due to having more assets to lose.
  • Nearly a quarter (24%) are most concerned about the impact from disruptions to utilities and other critical industries.
  • Fourteen percent are worried about disruptions to the U.S. food supply.

“The results of the survey clearly demonstrate heightened awareness of cybercrime across the general public who identify increased reliance on third-party workers as a leading cause of the surge in data breaches,” said Pignolet. “Given that many enterprise organizations provide access to significantly more third-party workers, including their supply chains, than full-time employees, it’s imperative they adopt comprehensive third-party identity risk management solutions to not just protect themselves and their assets, but safeguard customers from financial loss, the exposure of personally identifiable information, and the downstream effects of disruption to our country’s infrastructure. This includes the food supply chain, utilities, and even our national security.”

Too many organizations lack automated and effective methods to centrally track and manage their relationships with the burgeoning number of third parties with whom they do business. This, coupled with the lack of information organizations have about these third parties, makes them a cybercriminal’s best friend. The recent Presidential Executive Order (EO) mandates the federal government “improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors.” For organizations looking to make changes to their third-party identity risk security measures, there are steps they can implement today including: properly identifying who each third party is and the sensitive data to which they have access; conducting regular user audits to ensure third parties have access based on the least amount of privilege necessary to do their jobs; extending Zero Trust programs to third-party non-employees; and conducting continuous risk ratings of the individuals working within a third-party vendor or partner, not just the organization as a whole.

As cyberattacks on organizations and government entities continue to grow in size and impact, so too will U.S. adults’ concerns about the impact these breaches can have on their daily lives. It’s time organizations and the government take action before they’re affected by the hard and soft costs of reputational damage.

SecZetta’s omnibus survey of 2,085 U.S. adults, aged 18 and older, was conducted online between June 29 and July 2, 2021.