Written by Tom Turner, CEO and President, BitSight
In my experience, there are a number of common blind spots associated with vendor risk management (VRM), or ‘third party risk management’ as it is sometimes called. In this article I will share with readers what I see as the six top misconceptions surrounding VRM and suggest strategies for businesses to overcome or avoid some of these pitfalls.
1. Only the highest-value business relationships have the most inherent risk
Today we see many high-profile data breaches hitting the headlines. That’s because businesses are more connected than ever before, and organisations are having to deal with increasing numbers of third parties. Often, there will be a direct relationship where data is exchanged. However, we’re seeing more indirect relationships where a third party may not be deemed critical to the organisation’s service or product, yet they still have the potential to introduce risk. Take the Netflix ‘Orange Is The New Black’ leak in April last year from Larson Studios. This was a post-production company that was probably thought to be a distant vendor in the supply chain, yet when they were…