https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

MSSP Insider


Risk management plan

Third-Party Cyber Risk Management Falls Short

  • Written by Pam Baker
  • March 30, 2019
Many third-party cyber-risk management practices are “important but ineffective.”

A new study conducted by Ponemon Institute and sponsored by global third-party cyber risk exchange CyberGRX, found a persistent theme still holds: “Organizations and third parties see their third-party cyber risk management (TPCRM) practices as important but ineffective.”

More than half (53 percent) of the 600 IT security professionals, who are all directly involved in managing their organizations’ TPCRM programs, reported a third-party data breach in the past two years, costing them on average of $7.5 million, yet find no changes in the TPCRM market in response.

EMA's David Monahan

EMA’s David Monahan

“The current state of third-party cyber risk management is failing,” said David Monahan, senior analyst, Enterprise Management Associates (EMA). “It is far too manual and therefore does not scale. To add to that, most of the programs rely on qualitative information that is often poorly verified. This generates a huge amount of labor for results that, as the research shows, hold little confidence on both the part of the target of evaluation and the recipient. We must move to a far more scalable and quantitative method of evaluation to reduce third-party cyberexposure and bring confidence back to this process.”

The retail sector reports the most third-party data breaches, while financial came in second. The technology and software sector was found to be most likely to have multiple third-party data breaches, and surprisingly, 41 percent said they still use manual procedures for third-party assessments. The health and pharma sector experienced the fewest such breaches and was far more likely to use a combination of tools to assess third-party cybersecurity practices.

Bottom line, the study found that “current practices and technologies used to support TPCRM and assess third parties are costly, inadequate and inefficient.”

The study identified three key ways to improve their TPCRM programs.

  • Invest in better assessment and vetting tools which can increase effectiveness in TPCRM and decrease the cost of maintaining the program.
  • Don’t apply the same approach to all third parties. Take the time to prioritize third parties and apply an appropriate level of due diligence to them. This will reduce costs and increase efficiencies in the long run.
  • Centralize control over TPCRM budgets. Currently, TPCRM budgets are dispersed throughout the organization, which can make the allocation of resources inefficient because of competing interests.

MSSP Opportunities and Challenges

MSSPs can help their clients work through a checklist to strengthen and automate some processes in TPCRM. MSSPs can also look at consolidations among third-party providers as new opportunities to meet evolving cybersecurity needs in several sectors.

“Significant consolidation among [third-party service providers] caused large numbers of banks – especially community banks supervised by the FDIC – to rely on a few large service providers for core systems and operations support,” the FDIC Inspector General wrote. “As a result, a cybersecurity incident at one TSP has the potential to affect multiple financial institutions.”

While third-party risk is on the rise, so are MSSP opportunities to mitigate them for clients; however, failing to take proactive steps to improve these risks may lead to new liabilities for MSSPs, which are, after all, third parties themselves.

Tags: MSPs Business of Security MSSP Insider Network Security Network

Most Recent


  • the software patching problem - solved
    The Software Patching Problem - Solved
    Organizations are struggling to keep up with the pace of software security patches and updates, making automation essential.
  • Making Waves
    7 Channel People Making Waves This Week at Pax8, Canalys, Microsoft, Splunk, More
    Over 100,000 unfilled jobs for IT professionals have been eliminated.
  • Collin Ellis at Zero Trust World 2023
    Zero Trust World 2023: A Deep Dive Into the Dark Web, ThreatLocker Gold Partner Awards
    Cybercriminals will steal data just to prove someone has bad security.
  • ThreatLocker Zero Trust World Day 2 2023 Feature
    Zero Trust World 2023: ThreatLocker Unleashes Ops Threat-Detection Tool
    ThreatLocker also will be rolling out a new portal.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • DevSecOps
    ServiceNow, Microsoft Set to Deliver Broad SecOps Integration
  • Dunce Cap Businessman
    Tired of MSSPs ‘Failing,’ Nuspire Debuts Platform to Combat Cyberattacks
  • Malicious hacker at computer with code
    FragAttacks Wi-Fi Vulnerabilities Pose Widespread Threat to Individuals, Businesses
  • Colonial Pipeline Just the Latest Victim in Darkside Ransomware Crime Spree

Upcoming Events

View all

Channel Partners Conference & Expo

May 1, 2023 - May 4, 2023

Channel Partners Europe

June 13, 2023 - June 14, 2023

Channel Futures Leadership Summit

October 30, 2023 - November 2, 2023

Galleries

View all

7 Channel People Making Waves This Week at Pax8, Canalys, Microsoft, Splunk, More

February 3, 2023

Post-TBI Acquisition, Partners Weigh the Future of AppDirect, TSDs

February 3, 2023

Juniper Networks Shows ‘Swagger’ with Ambitious Growth Strategy

February 3, 2023

Industry Perspectives

View all

The Software Patching Problem – Solved

February 3, 2023

How to Break Through the Growth Ceiling

February 1, 2023

5 Things to Look for in a UC Partner

January 31, 2023

Webinars

View all

Next-Generation MSP Platform: The Building Blocks for Your Business

February 15, 2023

How To Boost Your Business With White-Label UCaaS

February 28, 2023

Security Secrets of the MSP 501: How to Be a Cyber Leader in 2023

December 15, 2022
  • 1

White Papers

View all

6 UCaaS Reseller Challenges and How Real World Businesses Solved Them

February 1, 2023

Frost Radar: North American UCaaS Market, 2022

February 1, 2023

The Complete Guide to White-Label UCaaS for Reseller Success

February 1, 2023

Channel Futures TV

View all

Coffee with Craig and James Episode 117: Cato Networks, Video Killed the Podcast Stars

Retired Astronaut Capt. Scott Kelly Previews His CP Expo Keynote

December 21, 2022

Fusion Connect Eyes Future with Intrado UC, Managed Network Customers

September 23, 2022

RingCentral Focused on Hybrid Work, Microsoft Teams, Other Integrations

September 23, 2022

Twitter

ChannelFutures

Channel people making waves include: @RobTRae, @vasujakkal, @ReneeIMCloud, @garylsteele dlvr.it/ShvjQ3 https://t.co/yz09flzXvV

February 3, 2023
ChannelFutures

The slowdown in #publiccloud spending is real and it’s arrived at #AWSCloud and #GoogleCloud.… twitter.com/i/web/status/1…

February 3, 2023
ChannelFutures

#ZTW23: @ThreatLocker Gold Partners announced, deep dive into the dark web. dlvr.it/ShvFGF https://t.co/k68BfzLToq

February 3, 2023
ChannelFutures

Channel Partner Success Story: Forerunner Technologies - Learn how @NEC UNIVERGE BLUE Cloud Solutions enabled… twitter.com/i/web/status/1…

February 3, 2023
ChannelFutures

Partners and suppliers weighed in on the AppDirect-TBI acquisition and its implications for the channel.… twitter.com/i/web/status/1…

February 3, 2023
ChannelFutures

Read about @coxbusiness' acquisition of @Logicworks. dlvr.it/Shty4t https://t.co/3MaKai6SVr

February 3, 2023
ChannelFutures

Where in the world are the top MSPs?? Take a look at the infographic breakdown of 2022 #MSP501 winners by region >>… twitter.com/i/web/status/1…

February 3, 2023
ChannelFutures

.@SovosCompliance offers tips for how and when to revamp #partnerplans. dlvr.it/ShtDgv https://t.co/vPzajXnjee

February 3, 2023

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X