Thank goodness we have partners, suppliers, contractors, and third-party service providers to keep our businesses operating smoothly. But let’s make sure that your security postures are aligned – your partners serve as an extension of your business and it is your duty to ensure they are secure and in compliance with your standards as well as applicable laws and regulations. According to a recent Ponemon Institute study, of companies that had a data breach, 59% involved a vendor or third party.

In addition, you must evaluate your partners not just at the beginning of a relationship, but throughout your association, as businesses’ risk profiles continually change. And if you are considering cyber insurance, a review of your third-party vendors can impact your costs and premiums.

Unfortunately, companies struggle to conduct these reviews: 74%^ cited a lack of resources as the reason they have not assessed their top-tier vendors. Consider what could happen if you did not review your partners and they were the source of a breach. Many companies are going through exactly that now.


RECENT DATA BREACHES DUE TO THIRD PARTIES

| COMPANY | BREACH | THIRD PARTY |
| --- | --- | --- |
| SEI Investments (and also affecting their partners such as Fortress and PIMCO) | Ransomware attack on corporate systems at service provider | M.J. Brunner – developed and supports SEI investment dashboard and enrollment portal |
| Rhode Island School of Design (RISD) | Data breach and attempted ransomware attack | Blackbaud – software service provider |
| Promo.com | Data breach at service provider | |
| Dave (online digital bank) | Data breach at former service provider partner | Waydev – Git analytics provider |
| Freddie Mac | Ransomware attack at service provider | Opus Capital Markets – conducts due diligence on Freddie Mac mortgage loans |
| University of Dayton | Ransomware attack at vendor | Blackbaud – computing company |
| San Francisco Employees’ Retirement System (SFERS) | Unauthorized access of test environment of a vendor that potentially exposed 74,000 members’ information | 10up Inc |
| Keepnet Labs | Contractor exposed database of 5 billion records | |

Assess your current partners’ security profiles. We can help you review policies, processes, and training to ensure a reasonable and appropriate security and compliance strategy.

^SOURCE: Prevalent study
