Third-Party Risk Management & Cyber Security Ratings

Monitoring Suppliers


“By 2022, cybersecurity ratings will become as important as credit ratings when assessing the risk of business relationships.”

Gartner, “Innovation Insight for Security Rating Services”, July 2018


Organisations must begin by asking which third parties are critical to their business and, of those, which provide critical services or have access to any kind of personal or sensitive data.

Point-in-time Third-Party Risk Management (TPRM) due diligence assessments are a sound way to understand the supplier risk being taken on, but they only describe a supplier's posture on the day of the assessment. Because that risk changes as the supplier's systems, staff and own suppliers change, it needs ongoing monitoring. A large share of information security incidents and personal data breaches originate with suppliers and third parties. For example,

·      British Airways received a £20m fine from the Information Commissioner's Office for a personal data breach that originated with one of its suppliers, and additional litigation is still underway.

·      Ticketmaster's £1.25m fine also stemmed from a breach through a supplier.

In other words, the supply chain needs to be monitored continuously, which is where Cyber Security Ratings come into play.

Third-Party Risk Management Monitoring

Third-party risk management is the process of identifying, assessing, managing and monitoring the risk your suppliers introduce and their compliance with your requirements; it is a security practice focused on reducing the likelihood of data breaches caused by third parties.

TPRM also complements the requirements of the GDPR on outsourcing the processing of personal data (a controller may only use processors that provide sufficient guarantees), and it provides evidence of due diligence and continuous security monitoring to the Information Commissioner's Office should a reportable breach occur.

Cyber Security Ratings assist in monitoring third-party risk and managing the supply chain.

Cyber Security Ratings

Cyber Security Ratings are similar in design to credit ratings, except that they score a company's externally observable cyber security posture rather than its creditworthiness.

Cyber Security Ratings are a key component of any Third-Party Risk Management lifecycle and improve the cyber health of the management process by continuously identifying, monitoring and managing information security risk.

By combining Open Source Intelligence (OSINT) with threat intelligence, we produce a Cyber Security Rating for each company, which gives one of the most consistent, accountable and transparent means of managing and mitigating third-party and supplier risk.

Open Source Intelligence is the collection, processing and analysis of information gathered from public, or open, sources, and it is widely used for business intelligence. Analysts combine this data with data obtained from the Deep and Dark Web, "chatter" about companies in forums and chat rooms, and emerging trends to build a picture of a company and derive its cyber security rating.
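The following is an added illustration of the idea described above and in the earlier paragraphs on supplier criticality and point-in-time versus continuous assessment. It is example code written for this page, not the methodology of any real rating service: the finding categories, weights, severity penalties, decay half-life, grade bands and the sample supplier are all assumptions. It rates a constructed supplier from externally observable findings, then shows how a second snapshot with new findings and a third snapshot after remediation change the score, and what a TPRM team would be alerted on.

```python
"""Illustrative cyber security rating from externally observable findings,
with a monitoring check between point-in-time snapshots.

Added example; categories, weights, penalties, decay and grade bands are
assumptions, not any rating vendor's methodology.
"""
from dataclasses import dataclass, field, replace
from datetime import date
from typing import List, Optional

# Assumed category weights: the share of the 1000-point scale each one controls.
CATEGORY_WEIGHTS = {
    "tls": 0.20,               # protocol versions / certificate hygiene on public hosts
    "email_auth": 0.15,        # SPF / DKIM / DMARC records published in DNS
    "exposed_services": 0.25,  # management services reachable from the internet
    "patching": 0.20,          # public hosts advertising software with known CVEs
    "credential_leaks": 0.20,  # company credentials seen in breach dumps / dark web
}
SEVERITY_PENALTY = {"low": 0.2, "medium": 0.4, "high": 0.7, "critical": 1.0}
GRADE_BANDS = [(900, "A"), (800, "B"), (700, "C"), (600, "D"), (0, "F")]


@dataclass(frozen=True)
class Finding:
    category: str
    severity: str
    description: str
    resolved: Optional[date] = None  # None while the issue is still observable


@dataclass
class Supplier:
    name: str
    critical_service: bool  # provides a critical service to us
    personal_data: bool     # has access to personal or sensitive data
    findings: List[Finding] = field(default_factory=list)


def finding_penalty(f: Finding, today: date, half_life_days: int = 90) -> float:
    """An open finding costs its full penalty; a resolved one decays with a
    half-life, so a recently fixed issue still lowers the rating for a while."""
    base = SEVERITY_PENALTY[f.severity]
    if f.resolved is None:
        return base
    return base * 0.5 ** ((today - f.resolved).days / half_life_days)


def rate(supplier: Supplier, today: date) -> int:
    """Score 0-1000: 1000 minus weighted per-category penalties, each capped at 1.0."""
    weighted = 0.0
    for category, weight in CATEGORY_WEIGHTS.items():
        cat = sum(finding_penalty(f, today) for f in supplier.findings if f.category == category)
        weighted += weight * min(cat, 1.0)
    return round(1000 * (1 - weighted))


def grade(score: int) -> str:
    return next(letter for floor, letter in GRADE_BANDS if score >= floor)


def rating_floor(supplier: Supplier) -> int:
    """Minimum acceptable score, stricter for critical suppliers holding personal data."""
    if supplier.critical_service and supplier.personal_data:
        return 800
    if supplier.critical_service or supplier.personal_data:
        return 700
    return 600


def monitor(supplier: Supplier, previous: int, current: int, max_drop: int = 50) -> List[str]:
    """Alerts a TPRM team would act on when comparing two snapshots."""
    alerts = []
    if current < rating_floor(supplier):
        alerts.append(f"{supplier.name}: score {current} is below floor {rating_floor(supplier)}")
    if previous - current > max_drop:
        alerts.append(f"{supplier.name}: dropped {previous - current} points since last snapshot")
    return alerts


def sample_supplier() -> Supplier:
    """Constructed supplier and findings for the walkthrough (not real observations)."""
    return Supplier("Example Logistics Ltd", critical_service=True, personal_data=True, findings=[
        Finding("tls", "medium", "TLS 1.0 still offered on the customer portal"),
        Finding("email_auth", "low", "No DMARC record for the primary domain"),
    ])


def walkthrough() -> dict:
    s = sample_supplier()
    jan = rate(s, date(2024, 1, 15))  # point-in-time assessment
    # Later, breach data and internet scanning surface two new findings.
    s.findings += [
        Finding("credential_leaks", "critical", "Staff credentials in a breach dump"),
        Finding("exposed_services", "high", "RDP reachable from the internet"),
    ]
    mar = rate(s, date(2024, 3, 1))
    alerts = monitor(s, jan, mar)
    # Both new issues fixed on 2024-03-10; 180 days later their penalties have quartered.
    s.findings[2:] = [replace(f, resolved=date(2024, 3, 10)) for f in s.findings[2:]]
    sep = rate(s, date(2024, 9, 6))
    return {"jan": jan, "mar": mar, "sep": sep, "alerts": alerts}


if __name__ == "__main__":
    result = walkthrough()
    for label in ("jan", "mar", "sep"):
        print(label, result[label], grade(result[label]))
    print(*result["alerts"], sep="\n")
```

Run as a script it prints the three scores with their grades and the two alerts raised between the first and second snapshots. The point of the walkthrough is the gap the page describes: a due diligence assessment in January would have recorded a B, while the credential leak and exposed RDP that appeared afterwards take the supplier well below the floor chosen for a critical supplier holding personal data, and only continuous re-rating catches that.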

Benefits of Third-Party Risk Management monitoring

Our objectives are to ensure that you don’t become a victim of cyber security attacks or activity that could lead to loss of confidential information assets. We are committed to transforming the way you think about cyber security by embracing a strategic risk management approach and thereby elevating the issue to a strategic priority for the enterprise.

Our continuous monitoring programme includes:

  • Detecting information security, privacy and compliance risks as they emerge
  • Producing consistent and comparable ratings that make risk exposure easy to understand
  • Assessing the ongoing state of information systems and common controls
  • Providing high-level reporting on risk exposure levels for the Board and senior management
  • Linking risk management at the level of data, applications and systems to risk management at the organisational level
  • Building transparency and accountability into risk management operations and controls


Contact us to gain assurance that your third-party suppliers protect your data to the same standard as you do.

Contact us to find out more.

If you have an information security question or would like to hear from one of our consultants, please call us now.