<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1175921925807459&amp;ev=PageView&amp;noscript=1">
Security Ratings

A Data-Driven Approach to Vendor Risk Management

Debbie Umbach | January 6, 2015

Third party risk has become a hot topic throughout 2014, with no signs of slowing down in 2015.  The WSJ highlighted high-profile breaches stemming from a vendor here and here, and the OCC issued more third party risk guidance. BitSight discussed third-party risk related to retail and how to communicate with the board, as well as in a 2014 roundup.

With this as a backdrop, ESG’s Jon Oltsik sat down with BitSight’s Co-Founder and CTO, Stephen Boyer, to discuss the challenges around third party risk — and what can be done about them.

ESG research on supply chain security reveals some troubling insights: less than one third of critical infrastructure organizations always audited the security of their strategic software vendors and only half of organizations had established formal processes for security information sharing with their 3rd party partners. While organizations recognize the security risks associated with their information supply chain, their vendor risk management (VRM) programs are still anchored to manual processes and point-in-time, paper-based audits lacking in automation and scale. Companies are looking for automated, continuous monitoring solutions to better manage cyber supply chain risk.

Watch the full video to hear about the regulatory landscape and other drivers for third party oversight — and to learn about how security ratings can help.

 

 

Suggested Posts

Research Paper Validates Security Ratings’ Correlation to Likelihood of Breach

This spring, the research paper titled “Risky Business: Assessing Security with External Measurements” was published on Cornell’s academic resource site. Authored by former BitSight data scientist, Jay Jacobs, as well as fellow academics...

READ MORE »

What Are Security Ratings?

Security ratings are a data-driven, objective and dynamic measurement of an organization’s security performance. Thousands of organizations around the world use BitSight Security Ratings as a tool to address a variety of critical,...

READ MORE »

The Board’s Role in Managing Disruptive Risk: Enter Security Ratings

Today, disruptive risks are an area of focus for corporate directors worldwide. On a global basis, we face disruptions in areas like geopolitical volatility, economic slowdown, emerging technologies, cybersecurity threats, and climate...

READ MORE »

Subscribe to get security news and updates in your inbox.