Ponemon Report Cites Third-Party Risk Management Shortfalls and Offers Best Practices

Although most reported breaches involve third parties in the U.S. and U.K., the management of outsourced relationships is not a priority for companies, and third-party security practices are rarely assessed for effectiveness, a survey of over 1,000 IT professionals found. Sponsored by Opus and independently conducted by the Ponemon Institute, the third annual Data Risk in the Third-Party Ecosystem Report identified practices more likely to be implemented by companies with no third-party data breaches. “The reality is that when you look at third parties as it pertains to information security risk as well as certain regulatory compliance requirements, they expose organizations to the largest risks,” said Lee Kirschbaum, a senior vice president at Opus, during a recent webinar analyzing the results of the survey. In this article, we review the report’s findings and cover best practices for mitigating third-party risk. See “How to Maintain Effective and Secure Long-Term Vendor Relationships: Understanding the Risks (Part One of Two)” (Jun. 20, 2018); Part Two (Jun. 27, 2018).
