Responsible Security and Responsible Disclosure: Why a VDP Matters
No organization has perfect security, so a VDP serves as one layer of many in a mature vulnerability management program. Learn about what a VDP…
While the COVID pandemic has forced us to maintain physical distance as individuals, our reliance on working together as organizations—and the networks that support them—has only increased in importance. And organizations in every sector recognize the necessity of expanding this network by contracting with third-party providers and vendors to access expertise and reduce costs. From facilities management to legal representation and physical security to tech support, third parties touch every part of an organization, providing operational flexibility and allowing firms to procure capabilities, specialized skills, and expert knowledge more quickly and cost-effectively than developing them in-house.
Although entrusting the fulfillment of services and processes to third parties is an essential part of doing business, these relationships can generate costly vulnerabilities. According to Willis Towers Watson, suppliers who store client or employee data are responsible for 38% of data breach losses. According to Deloitte’s Third-Party Risk Management Global Survey Report 2020, 84% of more than 1,100 global CFOs said their organization had experienced a third-party incident over the prior three years. Although most of those incidents had limited impact, over 50% of those respondents believe the potential financial costs of a major third-party incident could range from $25 million to $1 billion.
Entrusting firms with key aspects of your business comes at a potentially high cost. A third-party failure, breach, or inability to act could result in monetary costs for your company while also having potential implications for operational resiliency and reputation. Given these critical dependencies, capably balancing the commercial benefits and opportunity that come from working with third parties with the potential risks they incur requires a consistent approach to ensure that their added value outweighs the risk. Below we outline six steps to establish a holistic approach to third-party risk management.
Balancing the commercial benefits and opportunity that come from working with third parties with the potential risks they incur requires a consistent framework and tools for risk management. A GRC platform is a powerful enabler for logging third-party engagement, facilitating workflows company-wide, tracking relationships, and supporting dynamic risk measurement and management.