Introduction: The Next Frontier of Risk Management: Cyber Risk
A Proposed Business-Oriented Approach to Cyber
A Practical Approach to Developing a Cybersecurity Programme
Regulations, Compliance and Cyber Risk Management
The Role of Cyber Risk in the Organisation
The Evolution of the Cyber Risk Role within the Three Lines of Defence
Quantifying Cyber Risk
Leadership and Culture: The Foundations of Cyber-Risk Management
Understanding the Cyber Risk Landscape: An Integrated Framework
The Transformation of Information Security: New Threats and Vulnerabilities
Cybersecurity Metrics: The Good, the Bad and the Ugly
Third-Party Risk Management
Cybersecurity’s Neighbourhood Watch: The Strength of Information Sharing
Cyber Risks in Business Continuity Management and Supply Chain Resilience for Financial Institutions
Cybersecurity Threats to the Critical Infrastructure
The True Meaning of Cyber Incident Response
Cyber Risk: Where We Have Been, Where We Are and Where We Are Going
“Take calculated risks. That is quite different from being rash.”
George S. Patton
Third-party risk is front and centre for C-suites and boards of directors. As the digitised business landscape has expanded, so too has the role that third parties play in the day-to-day operations of your organisation. In addition, both industry and regulators have made it clear that – for organisations and the third parties they do business with – data protection and privacy must remain top priorities. In this context, it is imperative to remember: you can outsource the work, but you cannot outsource the risk. This chapter discusses the challenges and solutions surrounding third-party risk management.
What is a third party?
A third party is any entity or person that works on behalf of an organisation but is not an employee of that organisation. This includes consultants, contingent workers, clients, business partners, vendors, subcontractors, suppliers, affiliates and any other person or entity that accesses customer data, company confidential or proprietary data, and/or the systems that interact with that data.