The Cost Of Third Party Risk

The threatscape from cyberattacks is increasing daily and not a day goes by when we don’t hear about data-breaches in the headlines. This leads to loss of customer trust, damage to reputation, regulatory fines, litigation and remediation expenses for the enterprise.

The 2017 estimate for an average cost of a single data breach is $3.62 million* and there is no question that this cost is going to increase in the coming years. The same study also indicates that the average cost of a breach increases by 20% with the involvement of a third party and compliance failure. A growing portion of data breaches these days can be traced to third party vendors**:

• Cogent Healthcare : Breach reported August 2013 — “Vendor Mistake Causes Breach of 32,000 Patients’ Data”
• Target : Breach reported December 2013 — “HVAC Vendor Confirms Link to Target Data Breach”
• Home Depot : Breach reported September 2014 — “Home Depot Hackers Used Vendor Log-on to Steal Data, E-mails”
• Department of Veterans Affairs : Breach reported November 2014 — “Vendor Breach Exposes PII of More than 7,000 Vets”
• AT&T Services, Inc. — FCC Settlement announced April 2015 — “AT&T Breach by Vendor Awakens New Insider Threat Concerns”
• CVSphoto.com : Breach reported July 2015 : “CVS Photo Breach Points to Third-Party Vendor”
• Jimmy John’s : Breach reported September 2015 : “PoS Vendor Confirms Jimmy John’s Breach Was Their Fault”

Studies estimate that between 60–70% of all data breaches can be traced to third parties. This problem becomes even more alarming when you consider that most organizations do not have a complete grasp on all their third parties and the information sharing arrangements with them. This does not even take into account fourth parties (suppliers to your suppliers) and how they can introduce a threat to your supply chain.

ProcessBolt can help with the compliance monitoring required in this constantly evolving supplier landscape. With our purpose built compliance survey and scoring engine, you can manage a consistently enforced compliance program across your entire supply chain. With visibility into your third and fourth party compliance scores, you can make informed decisions on where to effectively direct your focus and remediation resources, up and down the supply chain. Our growing template library enables you to rapidly implement a controls framework at scale.

In addition, your vendors can take advantage of our AutoBolt engine that keeps track of their compliance responses from the past and assists them in filling out compliance questionnaires in a matter of hours rather than days.

Some key features:

1. Drag and drop questionnaire engine — Easily design and implement compliance questionnaires.
2. Library of pre-built questionnaires — Get your compliance program off the ground quickly.
3. Manage Assessments — Keep all compliance data organized, auditable and traceable.
4. Enhanced visibility into supply chain risk — View high risk suppliers and collaborate on remediation plans complete with status alerts.
5. Role based access control and configuration to allow your corporate branding.
6. Reporting for board, management, auditors and risk advisors

For more information, visit us at www.processbolt.com or contact us at www.processbolt.com/contact

*2017 Poneman Institute Cost of Data Breach Study

** https://www.privacyandsecurityforum.com/wp-content/uploads/2015/10/25092-Privacy-and-Data-Security-Breach.pdf