Security risk assessments must evolve to be more adaptive to respond to global changes in the market, says Info-Tech Research Group

The firm explains that ongoing monitoring of third-party vendor risks and holding those vendors accountable throughout the vendor lifecycle are critical steps to preventing disastrous outcomes.

TORONTO, May 25, 2023 /PRNewswire/ – The IT market is constantly reacting to global influences. As a result, organizations and their vendors must be able to adapt their security plans to accommodate risks on an unprecedented level. When an unexpected security incident happens to a vendor, organizations need to adapt quickly to new priorities to ensure continued long-term business success. To help organizations identify and quantify the potential risks caused by vendors, global IT research and advisory firm Info-Tech Research Group has published a new research-backed blueprint, Identify and Manage Security Risk Impacts on Your Organization.

“We are inundated with a barrage of news about security incidents daily. It’s easy to forget that there are ways to help prevent such things from happening, says Frank Sewell, advisory director at Info-Tech Research Group. “Most people are aware of defense strategies that help keep their organization safe from direct attack and inside threats. Likewise, they expect their trusted partners to perform the same diligence. Unfortunately, as more organizations use cloud service vendors, the risks with third-party vendors are increasing.

The newly published research explains that identifying and managing a vendor’s potential security risk impacts on an organization requires multiple people across several functions, all requiring coaching on the possible changes in the market and how these changes could introduce new risks. The firm’s research also shows that organizational leadership is often taken unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals and surprise incidents.

“Over the last few years, organizations have learned the harsh lesson that downstream attacks affect more businesses than we ever expected as suppliers, manufacturers of base goods and materials, and rising transportation costs affect the global economy,” explains Sewell.

Info-Tech recommends that vendor management practices can educate organizations on the potential risks from vendors in the market and suggest creative and alternative ways to avoid and manage them. The firm outlines the following approach to identify and manage vendor risks:

  1. Prioritize and classify vendors with quantifiable, standardized rankings.
  2. Prioritize focus on high-risk vendors.
  3. Standardize processes for identifying and monitoring vendor risks to manage potential impacts.

The research also explains that there are many individual components of vendor risk beyond cybersecurity, including:

  • Financial
  • Reputational
  • Operational
  • Strategic
  • Security
  • Regulatory and Compliance

The firm cautions that it is not enough to solely assess and monitor direct vendors. Many incidents come from third-party vendors with poorly mapped relationships to an organization. Info-Tech advises in the new resource that organizations completely understand their vendor landscape in order to avoid costly security incidents.

To learn more about the individual components of vendor risk and how vendor management practices can facilitate an understanding of them, download the Identify and Manage Security Risk Impacts on Your Organization blueprint.

For more information about Info-Tech Research Group or to access the latest research, visit and connect via LinkedIn and Twitter.

About Info-Tech Research Group

Info-Tech Research Group is one of the world’s leading information technology research and advisory firms, proudly serving over 30,000 IT professionals. The company produces unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. For 25 years, Info-Tech has partnered closely with IT teams to provide them with everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

Media professionals can register for unrestricted access to research across IT, HR, and software and over 200 IT and industry analysts through the firm’s Media Insiders program. To gain access, contact [email protected].

SOURCE Info-Tech Research Group

Originally published at

author avatar
Books Editor

- best PR -

best company for press release distribution