
Fact or Fiction (Part 2): More Misconceptions About Third-Party Risk Management

Alex Campanelli | September 10, 2018

There are many third-party risk concepts, some of which we addressed in the first blog post of this series. While third-party risk management (TPRM) programs are becoming increasingly common for businesses, there are still some misconceptions about the elements that comprise them. In the second post of our three-part blog series, we’ll take a look at some of the notions surrounding third-party risk management programs and weed out fact from fiction.

All cybersecurity resources should be allocated towards defending one’s own network.

Fiction.

Your own network could be extremely secure, but without effective third-party vendor risk management, your sensitive data will still be vulnerable. Surveys indicate that many data breaches are caused by third parties — they continue to make headlines as business after business suffers compromised security at the hands of a supplier. Deloitte reports that 1 in 5 organizations has experienced a third-party breach, and 1 in 10 has lost revenue as a result. Lastly, studies show that the most expensive data breaches are the ones that originate from third parties.

A typical vendor questionnaire could be 50% shorter and just as effective.

Fact.

Third-party vendor security questionnaires are a traditional security assessment method that is often time-consuming and resource-intensive. As a result, many organizations are moving towards shared, streamlined questionnaires. By supplementing these questionnaires with continuous monitoring data like BitSight Security Ratings, customers have been able to drastically reduce the number of questions they need to ask their third parties and decrease turnaround times, making their TPRM program more efficient and effective overall.

Organizations can’t really influence their third parties’ cybersecurity practices.

Fiction.

Security leaders have proven that writing security obligations into contracts is one way to influence, but having frequent data-driven conversations using security ratings and assessment results can also improve vendor performance. In fact, one BitSight customer was able to improve the security posture of more than half of their vendors in just 6 months by granting them access to the BitSight platform. BitSight Security Ratings enables collaboration through consistent, data-driven security and risk conversations; it allows users to instantly share ratings with critical third parties directly in the vendor portal, fostering more effective collaboration around security to better protect company assets.

Businesses will keep investing in stronger third-party risk management programs as the need to outsource critical business functions continues. It’s important for these organizations to understand how security ratings can help proactively mitigate the risk posed by their third-party supply chain as well as facilitate collaborative relationships with their third-party vendors.

Read our new ebook to learn more about common misconceptions surrounding third-party risk management.

Read part 1 of the Fact or Fiction series: Things You Should Know About Third-Party Risk Management.

Read part 3 of the Fact or Fiction series: How Security Ratings Play a Role in Third-Party Risk Management.
