Thinking through the third-party chain of risk
As always, third-party risk management was a prominent topic. There was much discussion on overcoming one of today’s most common security and privacy challenges, underlining the importance of identifying priorities before, during and after vendor procurement.
After all, two-thirds of data breaches occur thanks to insecure or poorly managed third parties and vendors. Yet traditional third-party risk management methods are heavily reliant on spreadsheets, incorporating cumbersome and error-prone manual methods. As well as lacking the agility, which is essential as trends such as cloud computing, artificial intelligence and the Internet of Things dramatically extend the number of third parties to which organisations are connected. We expect to see even higher uptake of centralised, automated third-party risk management solutions over the coming months, as well as more considerable attention paid to processes such as effective information gathering from third parties.