With the proliferation of IoT devices in the enterprise, managing third-party risks to sensitive and confidential data has become a herculean task. As revealed in The Second Annual Study on the Internet of Things (IoT): A New Era of Third-Party Risk, companies are deeply concerned that failure to prevent a data breach or cyber attack due to an unsecured IoT device would have catastrophic consequences.Register to Download
As rapidly changing risk and regulatory environments continue to challenge vendor risk management capabilities, the results of the latest Vendor Risk Management Benchmark Study show that:
- Organizations in all industries are making incremental progress in improving how they manage vendor and third party risks.
- Governing boards are increasing their level of engagement with cybersecurity risks, an important trend because board engagement continues to correlate highly with self-reported third party risk management practice maturity.
- A majority of companies plan to de-risk (via exiting or changing) third party vendor relationships that pose the highest risks.
Ready or not, IoT third party risk is here. Given the proliferation of connected devices, today’s cyber climate is evolving and organizations have to shift their focus to the security of external parties, now more than ever,” said Charlie Miller, Senior Vice President with the Shared Assessments Program. “In order to avoid becoming the next big headline, our security tactics have to evolve along with the threats.Register to Download
Tone at the Top and Third Party Risk examines the role of executives in third party risk management in a broad range of industries and the effect of tone at the top on minimizing business risks within organizations. This study is sponsored by Shared Assessments and conducted by the Ponemon Institute.Register to Download
Protiviti and the Shared Assessments Program have worked to refine the 2015 Vendor Risk Management Benchmark Study results, including running additional analyses to highlight areas where a substantial number of respondents reported they do not have any process in place to support significant Vendor Risk Component activities. Those revisions and additional insights are included in a revised version of the report.Register to Download