Conversations in Risk-Based Security

With scrutiny on companies intensifying as data breaches become a matter of when, not if, the subject of Third Party Risk Management (TPRM) enters the cybersecurity spotlight more and more. A November 2018 Opus and Ponemon Institute study noted “59 percent of companies said they have experienced a data breach caused by one of their vendors or third parties. In the U.S., that percentage is even higher at 61 percent – up 5 percent over last year’s study and a 12 percent increase since 2016.” Yet, despite this reality, a July 2018 CrowdStrike report notes “fewer than a third (32 percent) of respondents’ organizations have vetted all of their suppliers, new or existing, over the past 12 months.”

There’s a huge misconception in our industry today that a GRC platform is the end all be all to Third Party Risk Management (TPRM). This is so not true! The key to an effective, results driven, TPRM Program is to take the time to lay a solid risk-based foundation. History has shown, that if you just go purchase a tool and haven’t laid a solid foundation, the tool will not give you the results you’re looking to achieve. Regulatory bodies and Industry standards are embracing this philosophy as well. This process can be tedious and time consuming in the beginning but once complete, your result is a mature TPRM program that is ready to be transitioned into any GRC platform.

From June 26 to June 29 in Arlington, Virginia, Lynx Technology Partners team members will be among the top global risk experts discussing best practices for third party risk management at the 10th annual Shared Assessments Summit.