Report exposes third-party providers as a security risk to organisations

Businesses relying on third parties to host their data may be more vulnerable to cyber threats, a study finds.

Commissioned by RiskRecon, the Internet Risk Surface Report revealed 84% of global enterprises host critical or sensitive assets with third parties. The study of 18,000 organisations reported that 65% of hosts sit on infrastructure owned by an external entity, whilst 27% of firms host assets with at least 10 external providers.

A typical organisation has 22 Internet-facing assets, but some maintain over 100,000 – with 57% of organisations having hosts in multiple countries, including 6% of companies with hosts spanning across 10 or more countries.

The report found that a lot of trust is placed in the hands of external service providers, with organisations three times more likely to have high-value assets with severe findings externally versus in-house. A further 32% of organisations host their data with providers in foreign countries. Hosts within East Asia and Eastern Europe had an extremely high rate, 400%, of severe security vulnerabilities in comparison to North America and Western Europe.

In a press release, Kelly White, RiskRecon’s CEO and co-founder, explained: “Your risk surface is anywhere your ability to operate, your reputation, your assets, your legal obligations or your regulatory compliance is at risk.”

“The digital transformation has moved the enterprise risk surface well beyond the internal enterprise network, with 65% of all enterprise Internet-facing systems hosted with third-party providers. The data show that enterprises are not keeping up, with the security of internally hosted systems being much better managed than third-party hosted systems. This dilemma has now become critical because organisations are failing to understand how to manage their entire risk surface based on the volume of external digital exposure they face,” she said.


