RETHINKING YOUR THIRD PARTY CYBER RISK MANAGEMENT

If you’ve been reading the headlines, you already know that third-party cyber risk is one of the most potent and fast-evolving risks your organization faces. What is the status of your third-party cyber risk management (TPCRM) program? Common in the financial services industry, these are just now making their way into companies in other sectors. Does your firm have such a program? If so, is it working to limit your cyber risk, or is it falling short of the task of keeping you ahead of malicious actors? What are the “must-have” features for modern third-party cyber risk management?

**Why publish this guide? **

Because the problem of third-party risk and third-party cyber risk is growing and evolving as we speak. This guide will help you better understand the choices before you no matter if your organization hasn’t even cracked the seal on third-party cyber risk management; has a program, but hasn’t updated it recently, or considers itself an expert at third-party risk cyber management. Take the time to review this guide, if only to verify that you are accounting for the many varieties of third-party risk and all the possible solutions out there.

The discussion that follows will help you distinguish a mature cyber risk management practice from an immature one. By the time you complete this guide, you will better understand how you can ensure that your current third-party cyber risk management practices will translate into lower third-party cyber risk and understand where your company’s practice sits on the third-party cyber risk management ‘maturity curve.’