If you are worried about managing your third parties, you are not alone. Gartner reports that nearly 70% of chief audit executives named third-party risk as one of their top concerns, but many still struggle to manage this risk.
The reason? Because it’s a tough job.
Organizations rely on third parties, who receive access to businesses’ digitized systems and processes. These systems often contain confidential and sensitive information, and organizations must make sure that each third party maintains a high level of security to safely access these systems. Vetting these third parties and continuing to effectively monitor them for cyber gaps can be time-consuming and expensive.
So here’s a great New Year’s resolution for every business: Make 2019 the year that you take control of your third parties’ cybersecurity posture. Here are three good reasons why:
More than 75% of respondents in a recent Ponemon Institute report said that third-party data breaches are on the rise, but we probably could have guessed that simply from the frequency of data breaches reported in the news. The victims have included major companies such as Ticketmaster, Newegg, British Airways, and others.
Meanwhile, the complexity of the breaches indicates that hackers are becoming even more creative about how they steal personal data. In fact, 22% of CISOs polled admitted that they weren’t sure if they’d had a third-party data breach in the past 12 months. Chances are that your business might have already suffered a third-party breach—or will soon.
According to the Ponemon report, the average number of third parties employed by organizations has increased from 378 in 2016, to 471 in 2017, to 588 in 2018, which means that managing third parties will only continue to get more complicated.
Move over, GDPR: There are more data privacy regulations on the way, and these hail from the United States.
Beginning January 1, 2020, the California Consumer Privacy Act will go into effect, granting California citizens certain data privacy rights. These include:
Penalties for not complying with CCPA—while not as high as GDPR—are still significant: $2,500 per violation for negligent violations and up to $7,500 per violation for intentional violations.
Data regulations are being passed in other states as well. Vermont recently became the first in the nation to regulate the companies that buy and sell personal information. In Colorado, a new law focuses on how companies handle personal identifying information. And New Jersey and Washington have also passed laws on retail data and biometric data, respectively.
All told, the stakes are even higher for businesses to better manage personal data, as well as the third parties who can access it.
Automated third-party security management is the way to go. Using a solution such as Panorays, companies can rapidly evaluate and continuously monitor third-party security posture while ensuring compliance with regulations like GDPR and CCPA.