
Four Recommendations for Securing Your Supply Chain


Last year, cyberattacks on third-party vendors cost organisations in various industries billions of dollars. From major banks to healthcare to governments, no one is immune.

But throwing more budget at the problem is not the solution.

BlueVoyant’s recent survey of 1,200 global security executives across industries revealed that, despite more focus and budget going to third-party risk in 2021 than in the previous year, breaches originating in third parties increased by 37%.

Here are BlueVoyant’s recommendations for enhancing cybersecurity efforts to minimise your supply chain risk.

1. Don’t Rely on a Big Budget Without a Defined Strategy

The disconnect between budgets and breaches suggests investments are not as efficient as they should be.

Third-party cyber risk should always be tied to a defined strategy. Organisations should avoid “spray and pray” spending on more in-house cybersecurity staff, vendors and devices.

Spending on third-party risk (3PR) is considered strategic if it helps assess, rank, monitor, enforce and respond to vulnerabilities originating in the supply chain. If budgets aren’t improving these areas, investments will be mostly wasted.

The data shows there’s room for improvement in strategic 3PR spending….

2. Improve Visibility into the Supply Chain

Full supply chain visibility means being able to support suppliers from first alerts to resolution.

To do that, you’ll need to invest in tools and services that answer these questions:

– Which third-party vendors are most critical to your business?
– What data and systems do they have access to?
– Are you setting security baselines that all third-party vendors must meet?
– Can you work with vendors directly to remediate risks quickly and effectively?

The data shows there’s room for improvement in 3PR visibility…

Ninety-three percent of respondents suffered cybersecurity breaches because of weaknesses in their supply chain.

Thirty-eight percent said they had no way of knowing if an issue arises with a third party.

Forty-one percent said that when they did inform third-party suppliers about a security issue in their ecosystem, they were unable to verify if it had been resolved.

3. Monitor Your Supply Chain Continuously

– Send alerts when vendor status changes and/or exceeds predetermined cyber-risk thresholds.
– Consistently pinpoint where vulnerabilities are, eliminate false positives and identify malicious activities originating from third parties.

The data shows there’s room for improvement in 3PR monitoring….

4. Coordinate with the C-suite about Third-Party Risk

Executive buy-in is the most effective way to coordinate resources and define strategies for securing supply chains.

Third-party cyber risk should be an executive mandate. Make sure 3PR isn’t stuck in silos and is instead integrated with the company’s risk management strategy with clear lines of responsibility and budget ownership.

The data shows there’s room for improvement in executive involvement with 3PR….

Download BlueVoyant’s 2nd Annual Global Third Party Risk Report Now

Download Managing Cyber Risk Across the Extended Vendor Ecosystem 2021 to understand the full scope of third-party supply chain cyber risk.

The study was conducted by independent research organisation Opinion Matters, and recorded the views and experiences of 1,200 CIOs, CISOs and Chief Procurement Officers in organisations with more than 1,000 employees across a range of industries. It covered six countries: the U.S., Canada, Germany, the Netherlands, the United Kingdom, and Singapore.
