Thank goodness we have partners, suppliers, contractors, and third-party service providers to keep our businesses operating smoothly. But let’s make sure that your security postures are aligned – your partners serve as an extension of your business and it is your duty to ensure they are secure and in compliance with your standards as well as applicable laws and regulations. According to a recent Ponemon Institute study, of companies that had a data breach, 59% involved a vendor or third party.
In addition, you must evaluate your partners not just at the beginning of a relationship, but throughout your association, as businesses’ risk profiles continually change. And if you are considering cyber insurance, a review of your third-party vendors can impact your costs and premiums.
Unfortunately, companies struggle to conduct these reviews: 74% cited a lack of resources as the reason they have not assessed their top-tier vendors. Consider what could happen if you did not review your partners and they were the source of a breach – many companies are going through it now.
RECENT DATA BREACHES DUE TO THIRD PARTIES
| COMPANY CATEGORY | BREACH | THIRD PARTY |
|---|---|---|
| SEI Investments (and also affecting their partners such as Fortress and PIMCO) | | M.J. Brunner – developed and supports SEI investment dashboard and enrollment portal |
| Rhode Island School of Design (RISD) | | |
| Dave (online digital bank) | | |
| University of Dayton | | |
| San Francisco Employees’ Retirement System (SFERS) | | |