Blog

Getting the Risk Data Right – TPRM’s Biggest Challenge

In third party risk, issues around data – data security and data privacy – often hold center court. In the wake of the recent onslaught of cyber attacks and data breaches, as well as the new and enhanced regulatory efforts to contain them, third party risk managers can often find themselves spending a lot of time talking about data.

But are they focusing on one aspect of the business’s data at the expense of improving their own? Today, third party risk management (TPRM) executives are being asked to help shape their corporate data strategies, while their approach to their own risk data can be painfully out of date.

Two recent surveys show that while vendor risk issues may be a high priority for organizations’ finance teams, the way data is used within the risk management discipline falls considerably behind how other parts of the business may be using data to help deliver on the firm’s strategic goals.


Topics: third party risk management, third party governance, tprm, supplier risk, vendor risk, cyber risk, cybersecurity regulation, cyber resilience, cybersecurity, data quality checks, vendor database, compliance data, risk-scoring, internal audit, regulation, Data Security & Privacy, data risk

Cyber-Criminals Target New Companies, New Supply Chains

Cyber-criminals are seeking out new prey. Industries that previously had a lower threat profile – such as oil-and-gas, manufacturing, and shipping – are now falling victim to cyber-attacks at an increasing rate. In some cases, the cyber-criminals are using the supply chains of companies in these industries as entry points for the attacks. In other cases, the criminals target these companies directly. In either case, the organizations that rely on these companies as third parties – their clients – are often impacted.

As a result of this new trend, governments are stepping up with new efforts – laws, regulations, and guidance – to help create national supplier ecosystems that are more resilient to cyberattack. Industries are also creating their own working groups and other types of infrastructure to help increase communication about cyber risk – to share experiences as well as information on prevention and resilience. The evolution of cybercrime is rapid – governments, industries and individual companies are working hard to stay ahead of the threat.


Topics: third party risk management, third party governance, tprm, supplier risk, vendor risk, cyber risk, salary, cybersecurity regulation, cyber resilience, cybersecurity

Three ways the Internet of Things and the GDPR will impact Third Party Risk

As the Internet of Things (IoT) evolves, it will offer organizations the opportunity to create an unprecedented range of potential products and services. By embedding the internet into computer systems inside of cars, appliances, and other physical things, manufacturers will be able to offer new functionality as well as additional services. Smart homes and intelligent cars are already on the consumer market in many countries. Applications for this technology in a business-to-business environment are equally promising.


Topics: cybersecurity, Data Security & Privacy, information security, cyber-security, GDPR, cyber risk, third party risk management, cyber regulation, cybersecurity regulation, internet of things, IoT

Five Top Trends in Cybersecurity Regulations

Cyber and information security is considered by some to be the biggest challenge organizations collectively face today. A recent study conducted by Juniper Research predicts the cost of data breaches to reach $2.1 trillion globally by 2019. These incidents – whether they are caused by criminals, foreign governments, or hacktivists – can be costly for organizations and distressing for consumers, and can create the possibility of real systemic damage to whole industries, even nations. So, it’s hardly surprising that regulators and legislators around the world are moving into action.


Topics: cybersecurity, Data Security & Privacy, information security, cyber-security, GDPR, cyber risk, third party risk management, cyber regulation, cybersecurity regulation

Aravo and SecurityScorecard Partner to Improve Actionable Third Party Cybersecurity

We are delighted to announce the integration of the Aravo Enterprise platform with SecurityScorecard’s platform, to provide a fully integrated solution for enhanced third party cyber-risk management.


Topics: Data Security & Privacy, third party risk management, SecurityScorecard, cybersecurity

Expert Series Podcast - Pt. 3 - Looking toward the future with GDPR & Third Party Risk – with consideration to privacy regulations in other countries

 

Topics: Data Security & Privacy, third party risk management, GDPR, General Data Protection Regulation, cybersecurity, data privacy, corporate regulation, podcast

Expert Series Podcast - Session 2 - A Deeper Dive into GDPR & Why Organizations Need To Be Thinking about Third Party Risk

Session 2 of 3 (approx. 15 minutes)

I had the great pleasure to speak with Simon McDougall, GDPR expert and Managing Director at Promontory Financial, about GDPR & Why Organizations Need To Be Thinking About Third Party Risk. Simon shared insights around GDPR best practices, possible blind spots, and approaches for Board members, C-suite and middle management.


Topics: Data Security & Privacy, third party risk management, GDPR, General Data Protection Regulation, cybersecurity, data privacy, corporate regulation

State and Federal Financial Services Regulators Apply Focus on Cybersecurity and Third Party Relationships

In a sign of what may well be coming for all highly regulated industries around the world, US financial services regulators are in the process of significantly enhancing their cybersecurity rules, including substantial new rules impacting third party relationships.


Topics: cybersecurity, privacy, OCC, fdic, fsscc, bits, federal reserve, fsr, Financial Services, bank, information security, Data Security & Privacy