A large technology organisation hires a third party to help with routine website updates, and allows access to its intranet. For some of the work, the third party employs its own third party. It is suddenly a lot harder for the organisation to assess and mitigate risks they are aware of — let alone the ones they are not.
In 2019, 71% of organisations report their third-party network contains more third parties than it did three years ago, and the same percentage reports their third-party network will grow even larger in the next three years. In fact, our research shows that 60% of organisations are now working with more than 1,000 third parties.