Sending the Right Message on Risk Management

By Karen A. Frenkel  |  Posted 09-14-2016

Without one person in an organization responsible for managing third-party risk, companies face a serious barrier to achieving effective third-party risk management, according to a new study. The study, "Tone at the Top and Third-Party Risk," was conducted by the Ponemon Institute and sponsored by Shared Assessments, a member-driven, industry-standard body specializing in third-party risk assurance. "Tone at the Top" describes an organization's environment, as established by its board of directors, audit committee and senior management. It is set by all levels of management and trickles down to all employees. "If management is committed to a culture and environment that embraces honesty, integrity and ethics, employees are more likely to uphold those same values," according to the report. "As a result, such risks as insider negligence and third-party risk are minimized." The study sample was 617 IT and IT security practitioners in the United States. Here are key findings regarding the state of third-party risk management. The report also offers 10 steps you can take to create a stronger third-party risk management program.

Sending the Right Message on Risk Management

The tone executives set regarding security risks trickles down to all employees and can affect a company's third-party risk.

Benefits of Positive Tone at the Top

Reduces the risk of working with untrustworthy third parties (71%). Incorporates integrity, ethics and trustworthiness in relationships with third parties (66%). Increases employee and third-party awareness of the importance of security, data protection and business resiliency (43%).

Third-Party Risk Management Is Serious

75% of respondents say third-party risk is serious, and of these, 70% say it is increasing or significantly increasing.

Disruptive Technologies Are Increasing Third-Party Risk

The Internet of things and migration to the cloud are expected to increase third-party risk, according to 60% and 68% of respondents, respectively.

Cyber Attacks and IoT's Impact on Risk

78% of respondents say cyber-attacks will have a significant impact on their risk profile. 76% say the Internet of things will have a significant impact. Cloud computing, mobile, and big data analytics will have a significant impact according to 71%, 67% and 51% of respondents, respectively.

Third-Party Risk Not a Primary Risk Management Objective

Although they recognize the seriousness of third-party risk, respondents say the top two risk management objectives are to minimize downtime (56%) and minimize business disruptions (37%).

Not Managing Third-Party Risk Can Be Expensive

During the past 12 months, respondents spent an average of $10 million to respond to security incidents caused by negligent or malicious third parties.

Few Formal Third-Party Risk Management Programs

The incentive to create a comprehensive third-party risk management program is low. Only 29% of respondents say they have a formal program.

Consequence of No Third-Party Risk Management Program

Asked to rate the effectiveness of their organization's ability to mitigate or curtail third-party risk, only 21% of respondents said they considered theirs highly effective (7+ on a scale of 1 to 10).

Accountability for Third-Party Risk Management

23% of respondents say the compliance department is responsible for managing third-party risk. 17% say it is the information security department's job.

C-Level Executives Not Engaged

Only 37% of respondents say C-level executives in their organization believe they are ultimately accountable for the effectiveness of third-party risk management. 50% of respondents do not believe risk management is aligned with business goals, which senior management determines.

Boards of Directors Not Engaged

Boards of directors are not significantly involved, according to 17% of respondents, or have only some involvement in overseeing risk management activities, according to 23% of respondents.
Karen A. Frenkel writes about technology and innovation and lives in New York City.