As the digital ad ecosystem grows larger and more complex, the risk of a third-party data breach mounts. At this point, the landscape has become so complex and fragmented that many companies don’t even know if they’ve had a third-party data breach, according to a November 2018 study conducted by the Ponemon Institute.
For its third annual “Data Risk in the Third-Party Ecosystem” study, Ponemon surveyed more than 1,000 CISOs and IT security professionals in the U.S. and U.K. who are directly involved in data risk management.
In the U.S., 61 percent of respondents reported having faced a third-party data breach, up 5 percent from 2017. Overall, third-party data breaches over a 12-month period increased from 34 percent in 2017 to 45 percent in 2018. However, largely due to a lack of transparency within their third-party networks, more than 22 percent of respondents said they didn’t know whether they’d had a third-party data breach during the past 12 months.
Nonetheless, the average number of third parties with access to sensitive information at each company in the study increased from 378 to 471.
The Financial Fallout
A data breach erodes consumers’ trust. The brunt of their displeasure will be aimed at the web publisher, even when the breach is demonstrably the fault of a negligent third-party vendor.
In addition to the hit to a publisher’s reputation and potential damage to its brand, the cost of a data breach can be steep. A 2017 study conducted by Ponemon and IBM placed the average cost of a data breach at $3.62 million globally and as much as $7.35 million in the U.S.
According to Kaspersky Labs, the average cost of a breach for small and medium-sized businesses was $120,000 in 2018, 36 percent higher than in 2017. For enterprises, the average cost reached $1.23 million, a 24 percent increase over 2017.
Myriad Entry Points for a Breach
Many of the vulnerabilities that threaten consumer data emanate from third-party technologies such as trackers, tags, and social media advertising technologies. Authorized website tags can enable hundreds of additional tags to be placed on a website. In turn, the tags can be used to introduce malicious code on sites or personal devices, compromising the personal information consumers provide.
In 2014, a U.S. Senate investigation found that a single visit to a tabloid news site triggered interactions with 352 web servers, all potential entry points for nefarious tracking code or malware.
Learn how Apomaya’s application unification technology helps place web publishers in control of their third-party vendors, providing much-needed visibility into the opaque digital ad ecosystem.
CU Insight, “Third-Party Data Breaches on the Rise in the U.S.”https://www.cuinsight.com/third-party-data-breaches-on-the-rise-in-the-u-s.html
eMarketer, “Dealing with the Media Trust Meltdown”https://www.emarketer.com/content/dealing-with-the-media-trust-meltdown
SecureLink, “Can You Afford a Third-Party Data Breach?”https://www.securelink.com/blog/can-you-afford-a-third-party-data-breach/
Kaspersky Lab, “Costly Cloud Breaches Putting Digital Transformation Strategies at Risk” https://www.kaspersky.com/about/press-releases/2018_costly-cloud-breaches
MarTechToday, “Dangerous Misconceptions about Data Breaches”https://martechtoday.com/dangerous-misconceptions-about-data-breaches-228314