Third-Party Risk Management: It's complicated.

Think Tank - 4:00 pm - 4:25 pm

Understanding the risks that your vendors and suppliers present to your organization is, well... it's complicated. Your business operations and strategic objectives depend on the relationships you have with your suppliers. Rising trends in data breaches and cybercrime are driving the urgency to understand the risks your third-party suppliers and vendors expose your business to, and you need to be confident that you are aware of the cybersecurity posture of your suppliers. Performing proper due diligence is critical to protecting your organization while leveraging the successes of those relationships. A robust third-party cyber risk management program will support business stakeholders in the continual awareness and review of your third parties' cybersecurity posture and of how potential cybersecurity incidents might affect not only the third party but your overall business operations as well.

 Takeaways: 

  • Business and Cybersecurity leadership must partner to define a risk appetite for the organization and a process to prioritize third parties requiring assessment, and to determine which risk indicators are most relevant to your business
  • The program must analyze risk against the appetite, identify risk mitigations in place and be flexible to support ever-changing vendor relationships (contracts, licenses, security incidents/breaches, margins, etc.)
  • The approach must be wired to adequately re-assess vendors as required 
  • Metrics must be able to report digestible and actionable information to stakeholders to help drive vendor business decisions

Presented by:

Jim Kastle, CISO, Conagra Brands

 
 

Brian Hall, Head of Cyber Security Operations and Architecture, Conagra Brands

 

Julie Morrison, Head of Risk Management & Third-Party Cybersecurity Oversight & Governance, Conagra Brands