Best practices for managing vendor information security risks
Information security is acknowledged as a key strategic imperative for most organisations. The challenges surrounding third-party cyber security in particular are increasing, as criminals target suppliers who are often seen as a weak link in the security chain.
Organisations are more digitally connected than ever before, on average sharing sensitive data with over 500 third parties. In some cases, this sensitive data may be stolen while under the third party’s care. In other cases, the third party may inadvertently act as a conduit into the organisation’s IT systems, allowing information to be compromised.
Cyber-risk professionals know that the key to minimising the risk of data breaches enabled by suppliers and other third parties is to implement a comprehensive and robust third-party security risk management (TPSRM) programme.
But the third-party security programs at many organisations are not robust. They can be inconsistent or incomplete. Often, they are manual: four in five organisations use spreadsheets to manage their vendors. This exposes organisations to unnecessary third-party security…
