Third-Party Cyber Risks Are a Major Issue – But Is Your Board Really In The Know?

When it comes to third-party cyber risks, what challenges do you have to look out for? A recent survey of the financial sector – including banking, insurance, and related professional services – has pinpointed critical issues, along with some of the blind spots that are leaving organizations vulnerable. The joint study from BitSight and the Center for Financial Professionals (CEFPro) looks at the business ecosystem of the financial services industry, from legal organization to human resources to IT and software providers – each of which bring their own risks if not effectively managed. Among the key findings:

• Cyber risk is getting attention – 97% of those surveyed classified third-party cyber risk either critical or important, and nearly 80% said they have declined or would decline a vendor based on poor cybersecurity performance.
• There’s confusion over risk reporting – Although 82% believe executives and boards are confident in their ability to manage third-party risk, only 44% are regularly reporting these risks to the executive teams and boards.
• The challenges are familiar – Data quality/accuracy, actionability of vendor data, and timeliness of the data were among the top-ranked cyber assessment concerns.

Moving forward, the report recommends integrating and standardizing third-party cyber risks into the organization’s overall risk management program, continuously monitoring and rating vendor cybersecurity strengths, and establishing communication and reporting strategies at the board level. Click here to download the complete report (free registration required). The response to DRI’s new Cyber Resilience course and certification has been overwhelmingly positive, with upcoming classes filling up fast. In this course, you’ll discover how business continuity and cybersecurity must integrate within every organization, using the five elements of cyber resilience: prepare/identify, protect, detect, respond, and recover. Collectively, these concepts and the resulting action plans will help to develop a strategy to effectively respond to unforeseen events and get your organization back up and running as quickly as possible. Click here for additional course and certification information.