The Business & Technology Network
Helping Business Interpret and Use Technology

Firms Turn Data Quality, Procurement Visibility Into Cyber Advantages

DATE POSTED: September 9, 2025

Fraudsters thrive on data deficiencies and underinvestment in cyber defenses.

Companies know this, but they still leave the door open. Security is not a checkbox; it’s a dynamic, data-driven ecosystem.

As findings from the Government Accountability Office (GAO) and PYMNTS Intelligence separately revealed, public and private sector organizations have their work cut out for them in building a safe cyber ecosystem.

A Thursday (Sept. 4) GAO report alleged that the federal government’s cybersecurity workforce tracking is unreliable at best, and misleading at worst. Across 23 civilian agencies, claims of nearly 64,000 full-time cyber professionals and $9.3 billion in associated costs cannot be substantiated. Contractor data is even murkier, as 22 of 23 agencies failed to consistently track contractor personnel, despite $5.2 billion spent.

“[M]ost agencies did not have quality information on their component-level and contractor cyber workforce,” the GAO wrote. “As a result, they could not accurately identify the size and cost of their cyber workforce.”

While Washington struggles with workforce clarity, mid-sized companies are facing their own structural cybersecurity challenges. The PYMNTS Intelligence report “Vendors and Vulnerabilities: The Cyberattack Squeeze on Mid-Market Firms” found that vendors and supply chains are the soft underbelly of mid-market defenses, with 38% of invoice fraud cases and 43% of phishing attacks stemming from compromised vendors.

The findings, taken together, expose parallel and sector-agnostic vulnerabilities for firms when they fail to treat cybersecurity as a systemic, data-driven priority.

Converging Fault Lines Across Vendor Risks and Thin Defenses

The story of cybersecurity in the last decade has largely been a tale of scale. Attackers have grown more sophisticated, supply chains more complex, and regulatory expectations more demanding. Yet for all the technical investment that organizations have made in firewalls, endpoint detection and artificial intelligence-driven monitoring, many remain exposed.

The weakness often isn’t a zero-day exploit or a new malware strain. Instead, it is bad data, incomplete visibility and underinvestment in the basics of governance.

Workforce data, which sounds mundane compared with the allure of quantum-safe encryption, has become a frontline vulnerability. Many large enterprises cannot produce a reliable headcount on short notice.

This isn’t merely a human resources problem; it cascades into security because attackers exploit these inconsistencies.

Consider the rise of credential-stuffing attacks, where stolen passwords from one breach are tried across multiple systems. Companies with fuzzy workforce records often cannot even determine whose credentials are active, making containment reactive rather than proactive.

But if workforce visibility is shaky, vendor ecosystems can be even more porous.

Why Underinvestment Persists Across the Expanding Perimeter

Modern enterprises rely on hundreds, sometimes thousands, of external software providers, cloud services, logistics partners and niche contractors. Each represents not just an operational dependency but also an attack surface.

In industries like healthcare, financial services and manufacturing, where third-party integrations are unavoidable, the imbalance is especially acute. A compromised vendor can serve as a trusted relay into dozens of client networks. Attackers know this and design campaigns to exploit these weak links.

Yet few organizations invest proportionally in vendor risk management. Security questionnaires remain perfunctory, audits irregular, and contractual obligations often unenforced. Even when risk is flagged, budget constraints push it down the priority list. The result is that companies spend heavily on internal defenses while leaving open back doors via poorly monitored suppliers.

The persistence of these deficiencies is not purely negligence. It reflects structural incentives. Security budgets are still largely reactive, expanding in the aftermath of incidents but shrinking once headlines fade. Data hygiene and vendor audits rarely offer dramatic return-on-investment metrics; their payoff is the absence of crises rather than visible wins.

The latest findings from PYMNTS Intelligence’s The 2025 Certainty Project revealed that 81% of high-uncertainty firms reported stalled innovation due to cybersecurity challenges.

At the same time, emerging technologies like AI can offer a way forward.

The PYMNTS Intelligence report “The AI MonitorEdge Report: COOs Leverage GenAI to Reduce Data Security Losses” found that the share of chief operating officers who said their companies had implemented AI-powered automated cybersecurity management systems leapt from 17% in May 2024 to 55% in August.

“It is essentially an adversarial game; criminals are out to make money, and the [business] community needs to curtail that activity,” Hawk Chief Solutions Officer Michael Shearer told PYMNTS last year. “What’s different now is that both sides are armed with some really impressive technology.”

The post Firms Turn Data Quality, Procurement Visibility Into Cyber Advantages appeared first on PYMNTS.com.