Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Leadership and ManagementLogical SecuritySecurity & Business Resilience

Third-party risk challenges presented by the Great Resignation

By Andrew Egoroff
resignation

Image from Pixabay

September 14, 2022

According to a Microsoft survey, more than 40% of workers globally considered quitting their jobs in 2021 as part of the Great Resignation. That number sits at 20% in 2022, according to the World Economic Forum — still a significant and striking number. A recent Deloitte survey reports that 2 in 5 Gen-Zers and nearly one-quarter (24%) of millennials want to leave their current jobs by 2024. Many more are expected to join the crowds in the coming months as they seek higher pay, more flexible working conditions, and new challenges.

All of this has clear consequences for hiring and personnel with the potential to cause security problems. Businesses that previously failed to properly implement security standards have expressed worry about shifting to remote work. Now, companies need to be concerned about whether the firms they partner with have policies in place to ensure that departing employees do not take important information or sensitive files when they leave.

Adopting a zero trust strategy — which establishes trust with third parties as earned, not implied — can help an organization avoid security risks related to the Great Resignation. Third-party risk management (TPRM) programs should standardize zero trust internally and externally.

Challenges organizations face due to the Great Resignation

According to Code42 research, about 71% of surveyed business and cybersecurity leaders are concerned about a lack of visibility into what and how much sensitive data departing employees take with them to other firms. The same percentage (71%) is concerned about sensitive data stored on departing employees’ local devices, personal hard drives and personal cloud storage and services.

These worries are based on real-world examples of cybersecurity threats companies could face.

Contractors, vendors, resellers and technology partners are examples of third-party users who require access to internally hosted resources, not to mention sensitive personal identifiable information (PII) and intellectual property. These individuals can be located across all time zones using a variety of unmanaged devices, adding to the complexity of an enterprise’s network and access control.

TPRM and vendor risk assessments

Companies now interact with hundreds of vendors, each with their own agents and subcontractors. Challenges organizations now face include identifying critical vendors by risk tier and establishing a process for periodic review. In this vast network, third-party risks can appear at any time, making initial and ongoing vendor risk assessments essential.

Vendor risk assessments evaluate potential vendors and suppliers to see whether they meet the organization’s service requirements and risk-tolerance levels before the contract is signed. Throughout the relationship, continuous assessments help determine whether the service meets expectations while pinpointing changes in risk levels. The ultimate goal is to build and maintain a portfolio of low-risk vendors and suppliers — such as landscapers, office-supply providers and other partners that present little to no harm to an organization’s tech infrastructure — that help the organization carry out its objectives.

Many businesses have failed to track vendor risks per internal policies and certifications. They blindly rely on a vendor’s reputation, granting them unearned trust and skimping on assessments. Bad move. Instead, companies should use zero trust security measures to establish frameworks for improved security, reduce third-party risks and ensure compliance.

“Trust, but verify” has been a common edict for TPRM. However, increased third-party cybersecurity incidents have shifted the focus to “never trust, always verify.” Don’t mistakenly assume that third parties have adequate security practices just because they have solid reputations. Evaluate their risk levels with objective risk assessments.

Lastly, it’s likely that many third parties work with other providers. Because cybersecurity leaders at one organization have no visibility into their vendors’ third-party risk, organizations shouldn’t assume trust at any point. Zero trust security measures can help cybersecurity teams ascertain unknown areas of weakness in an organization’s vendor population, providing the organization with better visibility into mitigating these vulnerabilities.

Solving TPRM challenges through automation

It’s not uncommon for enterprises to exchange personal and sensitive information with 500 third parties. Consider how vastly different security can be across hundreds of entities. All it takes to trigger a breach is a security mishap or oversight at one vendor with inadequate security controls. Cybersecurity teams need to verify security at every vendor with whom the organization shares data. Doing so will require formalized processes for evaluating and managing third-party risk.

With an ever-increasing number of data breaches, there’s never been a better time to tune up TPRM processes. Organizations with mature zero trust strategies in place had less costly data breaches than those with no strategies in place — to the tune of $1.76 million on average. It’s no wonder that businesses are putting money into automating their vendor risk management processes.

TPRM automation can help cybersecurity teams manage a growing vendor population with more agility as it speeds up typically onerous processes — onboarding, initial due diligence, and ongoing assessments, among many others.

Robust third-party risk management automation would place a company in the best position to succeed in the long term, even with increased employee turnover. Company progress and reputation — and trust with other vendors and partners — can be put at great risk otherwise. By proactively managing risk and fortifying the entire organization, enterprise cybersecurity teams can better guarantee the protection of sensitive information and ward off potential cybersecurity threats. 
KEYWORDS: cyber security data breach risk management third-party cybersecurity third-party risk vendor risk zero trust

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Egoroff headshot

Andrew Egoroff is a cybersecurity advisor for ProcessUnity. He has more than 25 years of international experience in providing cyber and cloud security advisory services.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
close

1 COMPLIMENTARY ARTICLE(S) LEFT

Loader

Already Registered? Sign in now.

Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • resignation-freepik1170.jpg

    3 tips to offset security challenges created by the Great Resignation

    See More
  • cybersecurity finger pointing

    3 ways AI can handle third-party vendor and supplier risk challenges

    See More
  • 5 mins with Ehret

    5 minutes with Jonathan Ehret – The need for third-party risk management in cybersecurity

    See More

Related Products

See More Products
  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

  • 9780367339456.jpg.jpg.jpg

    Cyber Strategy: Risk-Driven Security and Resiliency

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!