Enterprises globally recognize the challenge of third-party cyber risk, but they still struggle to manage it. Dave Stapleton of CyberGRX discusses the elements of a mature program, including the role of risk ratings.
There are many reasons why enterprises struggle with third-party risk, says Stapleton, CISO at CyberGRX. And a big part of it is funding.
“A lot of people recognize that it’s a must, but it’s just not as sexy as some other cybersecurity issues,” he says. “And I think it can be difficult to convince the executives or the boards to provide the funding that’s needed to implement a truly mature program.”
In an interview about growing a mature third-party cyber risk program, Stapleton discusses:
- Where enterprises commonly struggle;
- The role of risk-ratings services;
- The key elements for building a mature program.
Stapleton is a cybersecurity risk professional with over a decade of experience in both the public and private sectors. He began his career at the Department of Health and Human Services (HHS) where he developed and managed Risk & Compliance functions for the…