Buyers Guide Rethinking Third Party Cyber Risk Management

July 14, 2022

148

Cyber Risk Grows with Third-Party Reliance

Outsourcing internal functions to third party providers gives a boost to productivity and can reduce operating costs. But heavier reliance on third parties increases your company’s attack surface, making it more vulnerable to cyber attacks. For example, a 2018 survey of more than 1,000 CISO and security and risk professionals in the U.S. and U.K. found that 61 percent of their companies faced a data breach because of a vendor or third party. Even more worrying, more than a fifth of those surveyed security and risk professionals said they did not know if their employer had experienced a third-party data breach during the past 12 months.

Third-Party Cyber Risk Management Red Flags

Across industries, high costs and limited scale characterize third-party cyber risk management programs. As a result, many have languished, even as the need for them has grown. Absent robust tools to manage their third-party relationships, organizations are struggling to scale inefficient processes to meet the new demands of regulators and business partners for third-party risk assessments. How do you know whether your current third-party risk and third-party cyber risk management practices are mature or immature? Below, we’ve included some “red flags”.

Lots of Buck, Very Little Bang

Spending a lot on third-party risk management with little to show for it is perhaps the best indicator that your TPCRM processes need to be re-evaluated. Among other things: consider how much you’re spending on assessments compared with what percentage of vendors are covered by them.

Devils You Know

Immature third-party cyber risk management programs typically address only a portion of an organization’s third-parties, and often not the vendors who pose the greatest risks. Consider how many vendors your current TPCRM program covers and whether the vendors covered are those that pose the highest risk to your organization. Spending handsomely to achieve a small reduction in risk is rarely advisable. Also consider how many full- and part-time cyber risk analyst positions you’re supporting simply to validate vendor responses.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Buyers Guide Rethinking Third Party Cyber Risk Management

Cyber Risk Grows with Third-Party Reliance

Third-Party Cyber Risk Management Red Flags

Lots of Buck, Very Little Bang

Devils You Know

LEAVE A REPLY Cancel reply

Latest posts

Wishpond Completes Acquisition of Brax.io and Appoints Kevin Ho as General Manager

StrikeTru and Vesta eCommerce Announce Completion of End-to-End PIM Implementation for PK Safety

How To Manage Your Online Business To Set It Up For Growth

POPULAR POSTS

eCommerce Delivery Tech Company Metapack Adds what3words Tech

90FUN Capture 1 Vlogging Camera: Making Vlogging Easier for Starters

Factor 8 Named to Selling Power Magazine’s Top Sales Training Companies 2021 List

POPULAR CATEGORY