Remain Vigilant: Managing Cybersecurity Risks in Third-Party Outsourcing Relationships

Managing third-party suppliers presents significant compliance challenges that often span an organization, raising legal, insurance, human resources and technology concerns, to name just a few. Corporations will continue to wrestle with these risks in the year ahead, but the convergence of external threats, abundance of valuable corporate data and the current regulatory environment has highlighted the importance of corporate cybersecurity practices. Cybersecurity is perhaps one of the hottest topics being discussed in boardrooms today. The Cybersecurity Framework, anticipated legislation and litany of high-profile data breaches have resulted in even more heightened scrutiny.

The landscape for corporate cybersecurity is rapidly changing and outsourced services, including IT and business process services, all stand to be impacted. Corporate stakeholders, particularly in the legal, information security and information technology departments, should be keenly focused on the current cybersecurity climate and the state of cybersecurity across third-party outsourcing agreements.

A significant aspect of this heightened attention on cybersecurity is not only how third-party outsourcing partners are managing security as part of the service they deliver, but also the risk and cybersecurity exposure to an organization from these third-party relationships. Attackers increasingly exploit weaknesses in third-party suppliers’ networks to access data and assets from target companies. As a result, having in place the appropriate contractual and governance safeguards with your third-party suppliers is paramount.

Download: Remain Vigilant: Managing Cybersecurity Risks in Third-Party Outsourcing Relationships