No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home GRC Vendor News

RiskRecon Publishes Industry’s Most Revealing Look at How Companies Manage Escalating Third-Party Cyber Risk

by Corporate Compliance Insights
February 21, 2018
in GRC Vendor News
RiskRecon Publishes Industry’s Most Revealing Look at How Companies Manage Escalating Third-Party Cyber Risk

New Playbook reflecting data from executives of 30 companies offers window into how organizations are confronting persistent breach risks stemming from third parties

Salt Lake City, Utah (February 12, 2018) – RiskRecon, a rapidly-growing company transforming management of third-party cyber risk, today published the inaugural Third-Party Security Risk Management Playbook. Based on in-depth interviews with security executives from 30 participating organizations across multiple industries, the Playbook reveals how companies are managing the security risks of their complex digital supply chains and sensitive business partnerships. The study identified 14 vendor-neutral capability sets comprising 72 common, emerging, and pioneering practices that firms have implemented to manage third-party security risk. As a study of real-world third-party risk management programs, the Playbook is a valuable tool executives can use to benchmark their own programs and gain insight into pioneering practices other firms are adopting.

The Playbook is a free download available here: https://www.thirdpartyplaybook.com

Key findings include:

The financial services industry is the clear leader: Financial services firms have been actively managing third-party security risk for an average of six and a half years, nearly four years longer than firms in other industries. Financial services firms also are the drivers behind more than 60 percent of the pioneering practices observed in the study.

Third-party security risk management is rapidly innovating: Thirty-two percent of the third-party risk management practices the study identified are implemented by fewer than 25 percent of the study participants. In all cases, these pioneering practices were recently implemented by the adopting firms. The practices leverage objective security data to better understand third-party risk performance and more intelligently allocate and engage risk analysts in assessments.

Pioneering firms are hunting for dangerous conditions in their third-party systems: Twenty-three percent of respondent companies are proactively identifying severe vulnerabilities in their vendors’ systems and working collaboratively with their vendors to quickly address the issues.

Fourth-party awareness is peaking over the horizon: While only seven percent of respondent firms are actively tracking fourth-parties (the third-parties used by their vendors), an additional 33 percent stated that they intend to implement capabilities to better manage fourth-party risk within two years, citing regulatory requirements as the primary driver.

“Enterprise risk officers are waking up to the reality that their information risk increasingly resides in the systems of their third-parties, beyond the bounds of their own network. You can outsource your systems and operations to third-parties, but you cannot outsource your risk,” said RiskRecon CEO and Founder Kelly White.

Brian Johnson, a CISO consultant and a former CISO of LendingClub, said, “CISOs know that effective third-party security risk management is essential for protecting their enterprise, yet many lack the data necessary to appropriately understand and prioritize third-party risk exposure. The best thinking on solving risk lies within industry, where practitioners are solving real enterprise risk problems every day. The Playbook captures these practices, providing a resource that risk managers can reference in enhancing their programs.”

The capability sets and practices described in the Playbook span three domains: Program Management, Risk Assessment, and Monitoring & Response. The Playbook shows the percentage adoption rate of each practice so that readers can quickly identify practices that are common versus pioneering. The pioneering practices, which have a less than 25 percent adoption rate, largely involve capabilities leveraging objective data to better assess and manage third-party risk performance. “Traditional methods of assessing vendor risk performance using questionnaires reveal the investments companies have made in managing risk. The pioneering use of objective data reveals how well companies implement and operate their security risk management program,” said Kelly White.

The Playbook authors discovered the initial third-party security risk management framework through roundtable discussions conducted with risk executives throughout the U.S. and the U.K. The authors then used this framework to conduct detailed interviews of executive owners of third-party risk management programs to arrive at the final Playbook.

RiskRecon’s objective for the Playbook is to provide practitioners a guide for building and operating their own third-party risk management programs, founded on the community of capabilities and practices developed by their peers. Readers interested in contributing insights and data to the next edition of the Playbook can contact admin@thirdpartyplaybook.com.

Join The Playbook Discussion:
Playbook Website: https://www.thirdpartyplaybook.com
Twitter: @3rdPtyPlaybook
Hashtag: #3rdPtyPlaybook

Follow RiskRecon:
LinkedIn: https://www.linkedin.com/company/riskrecon/
Twitter: @riskrecon

About RiskRecon

RiskRecon’s continuous monitoring solution delivers risk-prioritized action plans that enable precise, efficient elimination of your most critical third-party security gaps. Our data-driven SaaS service relies on passive, direct analysis of Internet-facing systems to quantify risks and provide straightforward evidence necessary for remediation. Rather than producing a laundry list of issues, RiskRecon’s custom analytics quantify true risk by determining each system’s issue severity and asset value. Only RiskRecon enables you to build a scalable, third-party risk reduction program that compresses remediation cycle time, improves analyst productivity, and ensures constructive vendor collaboration. Learn more at www.riskrecon.com


Previous Post

NICE Actimize Transforms AML with New Suspicious Activity Monitoring Solution

Next Post

TRACE: “Illicit” and the Underside of Globalization

Corporate Compliance Insights

Corporate Compliance Insights

Corporate Compliance Insights

Related Posts

encompass update

Encompass Launches pKYC Maturity Model

by Corporate Compliance Insights
March 22, 2023

KYC automation platform Encompass has unveiled a new perpetual Know Your Customer (pKYC) maturity model designed to help banks improve...

consilio onna partnership

Consilio, Onna Seek to Streamline eDiscovery for Cloud Apps

by Corporate Compliance Insights
March 22, 2023

Legal technology provider Consilio has launched a new platform, Sightline Collect, powered by data management supplier Onna. The platform is...

corlytics solidatus partnership

Corlytics, Solidatus Join Forces

by Corporate Compliance Insights
March 22, 2023

Data management provider Solidatus and regulatory risk intelligence supplier Corlytics recently announced a partnership that is expected to give both...

castle pixel art

Building a Defense-in-Depth Culture to Combat Phishing

by Perry Carpenter
March 22, 2023

Phishing attempts are only growing more sophisticated by the day, and effective cybersecurity means defending all the vectors of attack,...

Next Post
TRACE: “Illicit” and the Underside of Globalization

TRACE: “Illicit” and the Underside of Globalization

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT