Blog | Cyber Security News & Training | Securetain

Third-Party Risk Mgt.- Major Breaches and Bankruptcy Part II

According to the Opus and Ponemon 2018 report, 59 percent of companies said they have experienced a data breach caused by one of their vendors or third parties. In the U.S., that percentage is higher at 61 percent. The report also noted that many breaches go undetected: 22 percent of respondents admitted they didn’t know if they’d had a third-party data breach in the past 12 months. A third-party breach costs, on average, twice what a normal breach costs.

We covered the Major Breaches and Bankruptcy in Part I of the blog. Part II is about the Drivers of Risk Management, Alignment, and Governance. The series will cover the following topics at a high level to provide sufficient knowledge for professionals to design a program that is commensurate with the organization’s size, nature, and objectives. It explores the topics below:

Many organizations are not aware that intellectual property (IP) breaches can be a recipe for bankruptcy.

Drivers of Risk Management

What are Third Parties?

Third Party is the broadest and most inclusive term; it includes parties not controlled by either the company (First Party) or its customers (Second Party), as well as Third-Party intermediaries (TPIs). Third Parties are effectively the external parties with which a company interacts – Suppliers, Vendors, Licensees, BPOs, Agents, etc. TPIs include business partners, distributors, agents, consultants, vendors, dealers, customers, logistics providers, and others.

Drivers of Third-Party Risk Management

The common concerns in Third Party risk management are:

  1. How do you identify the full third-party population?
  2. How do you identify what services those third parties provide?
  3. How should affiliate relationships be assessed and managed in the same way as external third parties?
  4. Are any risks not relevant/heightened in an affiliate?
  5. How do you identify subcontractor relationships?
  6. Do you approve the terms of subcontractor engagement?
  7. How do you define ‘critical’?
  8. How do you identify critical services/third parties?
  9. What involvement should internal audit have in framework design?
  10. Should internal audit teams undertake third-party inspections?

What is Third Party Risk Management?

Third-party Risk Management (TPRM) is the process of analyzing and controlling/managing the risks associated with outsourcing to third-party vendors or service providers. The goal of any third-party risk management program is to reduce the likelihood of data breaches and vendor bankruptcy, meet regulatory requirements, and avoid operational failures.

Why perform Third Party risk assessment training?

Part III of the series will cover vendor categorization, alignment, and governance.
