An increasing number of data breaches originate with the compromise of a key vendor or business partner. This trend was heightened with the spread of NotPetya ransomware, which first emerged when the software update process of an accounting software provider in Ukraine was hijacked. With digital services being increasingly outsourced, reducing the cyber risk posed by a growing number of vendors and suppliers is more important than ever.
For years, the Finance industry has been a trailblazer in managing the risk posed by vendors, suppliers, and business partners. As we have also detailed in previous BitSight Insights reports over the last four years, this industry has maintained a strong security posture in comparison to others. Given that the Finance industry is a leader in managing third-party cyber risk, how secure is its supply chain, and where do weak links lie?
Are the companies in their supply chain meeting the same security standards they hold for their own organization? These questions are relevant not only for Finance organizations, but for all organizations that need to reduce third-party cyber risk.