How Vendor Management Software is Like Homeowner’s Insurance

June 03, 2020//Fred Smith

Last Updated: January 27, 2022

December 27, 2019 will always be the day that I remember just how much I love homeowner’s insurance. A weird thing to say, right? Let me tell you a story:

On the evening of December 27 at around 10:15 PM, lightning struck our house and we were blessed with two key things:  

  1. Our house didn’t burn to the ground!
  2. We have homeowner’s insurance!

Although the house didn’t catch on fire, the damage was pretty devastating to the tune of roughly $60,000. I could provide a list of items lost, but if you basically think of everything you have in your house plugged into the wall, you pretty much have the list. Then on top of this, the electricity jolt also traveled through our gas lines and burst the gas pipe where it connects to our outdoor fire pit. This was by far the scariest part of the evening!

Data from the National Association of Insurance Commissioners says that 85% of homes in the United States have homeowner’s insurance policies even though it is not a legal requirement. In our particular lightning strike instance, our insurance saved our bacon and our pocketbooks. However, several years ago there were some bad wildfires in a community about 45 minutes outside of Austin, and out of the 1,673 homes destroyed, roughly 100 did not have insurance. The total damage was estimated at $325 million in insurance payouts. That’s $194,262 per house. Looking at this from the other side, that means the damages to the 100 uninsured homes were roughly $19.4M in total losses for these families.

I’ll be honest, no one loves sending in insurance premiums every month until you actually need to file an insurance claim. Then you are thrilled you have insurance!

Why a vendor management system is your insurance policy

So, you might ask, what does this have to do with vendor management, remote access, and the risks associated with third parties accessing your network? Well, let me break this down a bit. As I mentioned, 85% of US homes are insured. Now as a company, think of your third-party remote access security policies as something similar to homeowner’s insurance. And just like homeowners insurance, if you utter the words, “I think I am covered”, you probably aren’t. Your network might not be attacked by a literal lightning bolt like mine was, but a vendor with too much access, the wrong access, or access to privileged credentials can wreak havoc like that lightning bolt did to my house. 

Now take these statistics into account:

  • 59% of companies have experienced a third-party data breach
  • Only 16% of companies are effectively mitigating third-party risk
  • 63% of total data breaches are due to third parties

Just think about that for a minute: only 16% are effectively mitigating third-party risk, but third-party risks account for 63% of all data breaches. This goes back to the point that if you “think” you are covered, you probably aren’t.

Now add in the financial and reputational impact for the companies that have been breached. Based on a study by the Ponemon Institute and IBM, a third-party data breach costs, on average, $3.92 million to remediate, and this doesn’t even touch on the reputational impact.

Two other key factors show why putting third-party security standards and policies in place is becoming, like homeowner’s insurance, a must-have:

  1. Third-party breaches are increasing year over year. According to Security Boulevard, in the first nine months of 2019 data breaches were up 33.3% over 2018.
  2. Average costs to remediate third-party data breaches are on the rise. The 2019 Cost of a Data Breach Report from the Ponemon Institute and IBM shares that since 2014, there has been a 12% increase in cost associated with third-party data breaches. 

Companies no longer have the luxury of “thinking” they are covered. They need to take the appropriate steps and make third-party data standards and policies a focus and move from 16% having effective mitigation measures to numbers like the 85% of people that have homeowner’s insurance.

Making this even more important is that the data they are protecting in most instances is our data. My data, your data, your children’s data; every record stolen has a face and a name. With homeowner’s insurance, you are protecting yourself. When companies have solid third-party standards and policies, they are protecting all of us and our data. Finally, what is great for the companies that make this a priority is that, unlike homeowner’s insurance, their solutions and options are proactive and not reactive. Companies can actually prevent the proverbial lightning strikes and not have to clean up after them like I did. If I could buy a homeowner’s insurance solution that would eliminate lightning strikes, I know I would!

Don’t let third-party risks be the lightning strike on your company’s reputation. Download our webinar that talks about why most organizations are failing at securing third-party remote access and how you can combat them with the right vendor management solution.
