Is a one-off annual Third Party risk assessment enough?
The 2017 Ponemon Cost of Data Breach Survey found that 63% of companies don’t have plans to update their Third Party risk assessments on an ongoing basis.
If you rely only on one-time assessments, you risk missing critical information about your suppliers that can affect the security of your systems and data.
So let’s take a quick look at what’s not covered in a one-time annual Third Party risk assessment, the gaps in threat intelligence they create, and what you can do to ensure you get the complete picture of your ongoing threat landscape.
Gap 1 – Operational Supplier Business Activity
- Mergers and acquisitions,
- Expansions,
- Divestitures,
- Contractions,
- Redundancies, and
- Senior Management changes…
all place stress on your suppliers and Third Party partners, and on their people, controls and processes – which increases information security risk!
Gap 2 – Legal Threats and Regulatory Action
You deserve to know if your supplier or Third Party partner is undergoing:
- Group litigation proceedings,
- IP cases,
- Sanctions,
- Regulatory investigations, or
- Other legal actions…
as this will affect how and whether or not you choose to do business with them.
Gap 3 – Brand and Reputation Issues
Employee morale suffers when a supplier confronts brand and reputational challenges, hurting operational effectiveness and security awareness, which in turn increases the probability of successful phishing and breach activity.
Gap 4 – Data and Security Events
If your suppliers and Third Parties experience a data breach or security incident, they could experience business interruptions that affect your operations.
Or worse, their attackers could become your attackers – gaining access to your systems and sensitive data.
Gap 5 – Financial Stability
Missing financial goals, capital changes, and bankruptcies can all be signs of deteriorating long-term viability of a supplier’s business.
This can also signal decreasing investment in information security resources and controls to combat today’s rapidly evolving threats.
How can you keep track of these potential threats to your security posture between annual risk assessments?
Get the complete picture:
Continuous Threat Monitoring
Continuous Threat Monitoring services, such as Supplier Threat Monitor, provide a holistic view of the ongoing internal and external events that can affect the security postures of your suppliers… and you!
- Fills the intelligence gap between periodic assessments
- Holistic view of potential risks across 5 key areas – Operational, Financial, Regulatory, Brand and Data
- Potential risk events constantly surfaced, scored and delivered
- Intelligent filtering of risk events and feeds
- The only monitoring service offering insight into each supplier’s investments in IT security products
You’re Only as Strong as Your Weakest Link
Outsourcing has clear benefits — from lower costs to increased efficiency and productivity in non-core business processes. But the value Third Parties bring can be eroded by associated risks. Third Party weaknesses are your weaknesses.
By developing and maintaining an effective Third Party risk management program, you can help ensure that your suppliers have strong controls in place and protect your organisation from fiscal, operational, regulatory and reputational risk.
We’d be pleased to hear from you and help find the most cost-effective way to develop, maintain or expand your Third Party risk management efforts.
Call Us: +44 (0) 161 476 8700