How To Analyze Inherent Risk: A Critical Step For Third-Party Cyber Risk Management
by Fred Kneip
Traditional lines of cybersecurity blur when organizations rely on third parties to conduct business. What was once neatly contained and secured within your own perimeter may be more vulnerable in the extended perimeter of your third-party ecosystem. These vulnerabilities can be just as damaging — and sometimes even more costly than your own. A survey conducted by the Ponemon Institute found that over 53% of organizations studied experienced a third-party breach in the last two years — at an average cost of $7.5 million. A 2018 study from the Ponemon Institute and Opus (via BusinessWire) found that nearly 60% of respondents’ organizations had experienced a third-party breach, yet “less than half of all companies say managing third-party relationship risks is effective and a priority within their organization.”
In a previous article, I talked about why third-party cyber risk management (TPCRM) matters. In this article, I will discuss the initial steps you can take to get your TPCRM program on track, based on my experience as the CEO of a company that provides TPCRM solutions. TPCRM is the practice of identifying and managing third-party cyber risk so you can confidently engage with your vendors and third parties. Unfortunately, over 83% of organizations Deloitte surveyed in 2017 had low confidence in their third-party cyber risk monitoring and management programs. Considering that a 2017 Bomgar survey (via eSecurity Planet) found that an average of 181 vendors access a company’s network in a given week, an ineffective program is not acceptable. But when you do it effectively, third-party cyber risk management can be a valuable and vital component of your overall security strategy.
Read more on Forbes here.