Third-Party Cyber Risk Looms Large for Companies with Outside Service Providers, Part 3

Are you a third-party cyber risk management champion? Find out as we conclude our series.

In part one of this series, we discussed the findings of CyberRisk Alliance’s Third-Party Risk: A Turbulent Outlook, noting that 95% of businesses surveyed reported partnerships with IT software, platform, or service providers. In part two, we delved into survey respondents' greatest concerns about third-party cyber risk. Here, we delineate the best practices and procedures exhibited by the companies identified as third-party cyber risk management “champions.”

Now more than ever, organizations are turning to outside vendors, contractors, and other providers to address the pandemic-prompted shift to remote operations and the need to backfill talent in the face of the Great Resignation. With that outsourcing has come a widening range of vectors through which threat actors infiltrate larger targets.

What best practices can minimize risk for companies that sub out aspects of their operations? In December 2021, Trava sponsored a CyberRisk Alliance survey of 301 IT and cybersecurity professionals whose organizations worked with third-party partners. 

Of these respondents, the survey identified 214 as “champions” with superior third-party risk management best practices and procedures. Their industries varied: health care, financial services, retail, manufacturing, high-tech/IT. 

“Likely driven by their large and complex supply chains and/or regulatory compliance mandates,” the survey suggests, “champions can be role models in helping others secure their organizations against attacks originating from their external partners, vendors, suppliers, contractors, and service providers.” 

Protect your company from third-party risks with these seven best practices and procedures:



Source: CyberRisk Alliance, Third Party Risk: A Turbulent Outlook: Findings from a December 2021 Research Study, January 2022.