It takes three to 12 months to respond to security breaches, according to the annual Vendor Risk Management (VRM) Benchmark Study from Shared Assessments Program and Protiviti that surveyed 554 risk management practitioners and C-level executives.
Respondents who were able to fix issues relating to successful cyberattacks in just one month declined by 17%, the consulting firm noted.
Last year, only 28% of respondents reported that these fixes took between three months to one year while that number has leapt to 37% this year, it pointed out.
In addition, as disruptions from breaches are increasing throughout the world, it also takes organizations longer to fix the underlying issues, said Protiviti.
Nearly 67% more organizations reported that they had experienced a significant disruption from a cyberattack or hacking incident compared to last year, the firm observed.
However, the overall maturity of vendor risk management programs is virtually unchanged since last year, it added.
Board engagement makes a difference
When it comes to combating risk, organizations with high levels of board engagement with, and understanding of, vendor risk management issues are more than twice as likely to have VRM programs that are operating at or above target level, compared with organizations that have low levels of board engagement in these issues, Protiviti pointed out.
APAC firms deploying AI to combat cyber threats
In terms of technology, 58.5% of Asia Pacific businesses plan to use AI for risk management—for example identifying and forecasting risks, running scenarios and simulations—in the next two years, survey results reveal.
In addition, 60% of businesses in the region are currently using AI to combat cybersecurity threats and predict cyber breaches; and plan to either maintain or increase their usage of it in years to come.
However, the adoption brings its own risks, said Protiviti.
When implementing advanced AI, 23.3% of APAC businesses say that considering the cybersecurity and data privacy risks involved was the most important lesson they learnt in the process.
Those who persevere are rewarded however, with 66% of APAC respondents saying the advanced AI has had a moderate to significantly positive impact on their ability to detect and predict cyber breaches, the consulting firm noted.
“To avoid devastating consequences of cyberattack such as reputation damage, an increasing number of organizations are moving away from high-risk vendor relationships as they seek to have better oversight of cyber security threats,” said Adam Johnston, managing director for Protiviti in Hong Kong.
A majority of organizations—55%—are extremely or somewhat likely to move or exit risky vendor relationships this year, a 2% increase compared to last year’s survey, he pointed out.