Blog

Marriott’s Data Breach Underscores Importance of Scrutinising Data Security Policies During M&A

Massive data breach also gives rise to calls for stronger data protection legislation

The ever-increasing line of corporate data breaches grew longer last week, as Marriott International disclosed that it had been the latest victim of a massive cyber-attack. On Friday, November 30th, 2018, Marriott announced the largest data breach in its history that compromised…

Fear, Uncertainty and Doubt May Be Clouding Cyber Insurance and ERM-Cybersecurity Integration

As cybersecurity programs become more integrated into enterprise risk management (ERM) programs, security professionals grapple with new issues. Rather than relying on fear, uncertainty and doubt (FUD) to fuel their business case for budget increases, cybersecurity leaders are striving to quantify the business impact and probability of cybersecurity events while evaluating new options, including cyber…

Missing the point? Should cyber insurance cover GDPR fines?

Should cyber insurance cover GDPR fines?

I see the interesting debate around whether GDPR fines should be covered within corporate cyber insurance policies has raised its head again. See Law360’s “GDPR Fines May Be Uninsurable, Broker Warns” and “Are GDPR Fines Insurable? UK Watchdog Won’t Say”. With increasing regulation and scrutiny placed on organisations and…

Expect the Unexpected: 5 Keys to Managing Third Party GDPR Risk

As the European Union’s (EU’s) General Data Protection Regulation (GDPR) May 25 effective date approached this spring, its sweeping compliance requirements socked companies with major surprises. The regulation’s global jurisdictional reach, EU-specific definition of “sensitive data,” steep penalties, hefty compliance costs, and applicability to…

3rd Party Vendor Breach Leaves Thousands of “Vulnerable People” at Risk

A security incident at The Pennsylvania Department of Corrections has compromised the personal information of a seemingly “vulnerable population”

Recently, Accreditation, Audit, and Risk Management Security LLC, an online systems vendor for the Pennsylvania Department of Corrections, suffered a data breach that exposed the Personally Identifiable Information (PII) – including names, Social Security Numbers, medical…

Digital Transformation Gives Rise to 3rd Party Vendor Vulnerabilities

3rd party vendor relationships present plenty of opportunities for cybercriminals

Digital transformation is imperative for any business striving to deliver value to customers and remain relevant in fiercely competitive landscapes. Whether moving an existing infrastructure to a cloud platform or incorporating IoT devices and analytics into business models, these technologies enable organisations to increase…

Turning the Third Party risk tables – from the Assessor to the Assessed!

Article written by Sean O’Brien CTPRP, Director, DVV Solutions

A common question I receive from clients as part of Third Party risk management (TPRM) program development is the best way to manage the inbound requests to complete risk assessments from their own clients. My answer is very simple. “Practice what you preach”. Treat client requests…

4th Party Vendor Breach Strikes Again

Security can’t be looked at only inside the firewall; it must be accounted for throughout an organization’s entire business network

Last week’s Ticketmaster breach is a classic example of the challenges companies face to effectively manage vendor risk. Very few companies manage their online ticket sales. That job is left…

Mind the (risk intelligence) gap

5 keys to managing Fourth Party cybersecurity risk

Author: Sean O’Brien CTPRP, Director, DVV Solutions

If GDPR hasn’t raised the stakes and drawn attention to the risks in the data supply chain then maybe nothing will. The mix of media attention, ICO & GDPR guidelines and the messaging produced by GRC solution providers over the…

What we learnt from CeFPro Vendor & Third Party Risk EMEA 2018

Key take-aways from CeFPro Vendor and Risk EMEA 2018

Sean O’Brien, Managing Director at DVV Solutions, offers his thoughts and ideas on the state of Third Party Risk Management in the UK and Europe, and his key take-aways from CeFPro Vendor & Third Party Risk 2018.

I was proud to represent DVV Solutions at the…
