The Cost of Third-Party Cybersecurity Risk Management


March 2019

Third parties are inundated with assessments and enterprises aren’t getting the insights they need – and the cost of failure is high.

In the past two years, 82% of organizations have experienced one or more data breaches caused by a third party, costing an average of $7.5 million to remediate.


of organizations believe vetting third parties is critical. However, 60% of organizations believe they are only somewhat or not effective at vetting third parties.

Third parties spend 15,000+ hours completing assessments each year.

Enterprises only take action on 8% of the assessments they receive.

Retail & Financial Services reported the most third-party breaches, despite the fact that their third parties spend more than 16,500 hours a year filling in manual assessments.

Health & Pharma are most likely to use a combination of tools to assess their third parties and less likely to have a third-party breach.


of organizations use manual procedures like spreadsheets and 51% employ risk scanning tools to vet their third parties.

Over 54% of respondents said the results of these tools provide, at best, only somewhat valuable information.

The cost of failing to vet and evaluate third parties effectively is $13,000,000 (costs include potential impact on reputation and brand, decreases in share value, loss of business, etc.).


About Us

ProcessUnity is a leading provider of cloud-based applications for risk and compliance management. The company’s software as a service (SaaS) platform gives organizations the control to assess, measure, and mitigate risk and to ensure the optimal performance of key business processes. ProcessUnity’s flagship solution, ProcessUnity Vendor Risk Management, protects companies and their brands by reducing risks from third-party vendors and suppliers. ProcessUnity helps customers effectively and efficiently assess and monitor both new and existing vendors – from initial due diligence and onboarding through termination. Headquartered outside of Boston, Massachusetts, ProcessUnity is used by the world’s leading financial service firms and commercial enterprises. For more information, visit