Surprising privacy stats about third-party vendors

Nowadays many enterprises, both small and large, work with plenty of different third-party vendors to handle the tasks every company has, from accounting to customer management. However, not everyone fully comprehends how significantly this affects a company’s privacy risk.

We've gathered several surprising stats about privacy risks you may have when you work with third-party vendors. 

A vendor likely won't notify you if it has had a data breach

50%+ of third-party vendors have a data leak

According to the latest BeyondTrust study, more than half of the respondents who experienced a data breach believe they have had third-party vendor-related breaches.


Number of vendors keeps growing

In the past year, three-quarters of organizations have increased the number of vendors accessing IT systems (Bomgar). As a result, keeping track of the information shared with third parties and monitoring their security posture is virtually impossible using such tools as manual data collection and reviews.

In our GDPR Management Platform, we gave our customers the ability to automatically scan their website to discover the third-party vendors that have access to it, or to add vendors manually. After that, they can perform GDPR compliance due diligence on all their vendors in a matter of minutes rather than days.

This is all thanks to the WeControl GDPR Compliance Rating, which was manually completed with all the necessary information about the GDPR compliance state of thousands of different third-party software vendors.

Third parties have widespread access to company data

In small to medium enterprises with 200–499 employees, over a quarter have the same number of third-party vendors logging into their network in a typical week as they have employees, according to the Bomgar study.

At organizations with 5,000+ employees, 23% say they have more than 500 vendors logging in regularly, highlighting the sheer scope of risk exposure.

More Vendors, Less Confidence

According to the Bomgar research, the certainty decision-makers feel around managing vendor access has fallen year over year. Just 25% are very confident that they know how many third-party vendors are accessing their systems, down from 38% last year.

Only 31% are very confident they know how many individual logins can be attributed to third-party vendors. The trust level for vendors also trails that of employees, with only 20% saying they completely trust vendors.

Cyber risk affecting third parties is a major issue

According to the “Third-Party Cyber Risk for Financial Services: Blind Spots, Emerging Issues & Best Practices” study, nearly 97 percent of respondents said that cyber risk affecting third parties is a major issue.

Meanwhile, nearly 80 percent of respondents said they have terminated or would decline a business relationship due to a vendor’s cybersecurity performance. 1 in 10 organizations has a role specifically dedicated to vendor, third-party or supplier risk.

According to the same study, only 22 percent of organizations are currently using a security rating service to continuously monitor the cybersecurity performance of third parties, though 30 percent are currently evaluating security rating providers.

Meanwhile, the WeControl GDPR Compliance Rating lets you evaluate the GDPR compliance of your third parties right away.


Bomgar Study