When asked if their organizations had suffered a security incident involving business partners within the previous year, 32 percent of respondents reported at least one type of incident, with an additional 12 percent unsure. Among organizations reporting incidents, malicious code was the most prevalent type, with 43 percent of respondents reporting infections, followed by unauthorized network access (27 percent), denial of service (9 percent), system abuse or misuse (8 percent), data theft (7 percent), and fraud (6 percent).
"While organizations have evolved from isolated enterprises to highly collaborative networks of partners, suppliers, vendors, and contractors, they continue to take the isolated approach when it comes to information security," according to Cybertrust Chief Technology Officer Peter Tippett. "While compliance mandates and security audits drive many security programs internal to an organization, they have yet to implement a programmatic way of assessing the security of their external networks, which includes partners. Without this awareness, organizations continue to leave themselves open to financial and legal risks, as well as brand implications."
Organizations resoundingly feel that assessing the information security of business partners is a priority -- 91 percent of respondents felt that information security relating to business partnerships should be given moderate to high priority by senior management. However, the actual level of priority given by management reflects a different reality. About half of respondents felt that management gives information security no or low priority; the other half felt management placed moderate or high priority on assessing partner security. These findings represent approximately a 45 percent difference between what respondents feel should be done and what ultimately is done at their organizations.