A new survey of compliance professionals reveals that the overwhelming majority (90%) of tech organisations were negatively impacted by a third-party data incident through 2021.

The findings come from the latest IT Compliance Benchmark Report by compliance operations company Hyperproof, which contains comprehensive benchmarks on how companies manage IT risks and compliance efforts at a time when requirements are increasing in complexity.

The responses, collected in December of 2021, come from 1,014 compliance and IT risk management professionals in the technology industry. 70 percent of respondents work for companies headquartered in the US and the remainder work for companies headquartered in the UK.

The survey revealed that third-party risk management is top of mind for many respondents, with half of all respondents (51%) planning to expand their third-party risk management program in 2022. In fact, greater awareness of third-party risk emerged as one of the top reasons organisations have chosen to increase their overall IT risk and compliance management budget in 2022.

A negative impact due to a third-party incident in the past year was reported by 90% of all survey respondents. Such incidents range from supply chain disruptions to data breaches and compliance violations related to an organisation’s lack of oversight over its third parties.

The study also found that data breaches continue to plague organisations. In the survey, 63% of respondents reported that they experienced a data breach that led to the disclosure of regulated data – such as protected health information or other sensitive data – in the last 24 months.

Among respondents who had knowledge of data breaches within their organisation, the biggest proportion – 44% of respondents – reported that they lost between $1-5 million. The average amount lost was $4.58 million.

Interestingly, not all organisations suffered equally from data breaches. Those that take an integrated approach to IT risk management and make an effort to align their risk and compliance activities proved much better at avoiding data breaches compared to organisations that see their compliance function as the function that enforces rules and regulations (and conduct risk and compliance activities in silos).

While 63% of survey respondents overall reported that their organisation had experienced a security breach in the past 24 months, only 47% of those who take an integrated approach to risk management and compliance activities experienced a security breach. Meanwhile, 68% of all “compliance-centric” respondents experienced a security breach in the past two years.
