Addressing Third-Party Cyber Risk: Moving Beyond a False Sense of Security

A Harvard Business Review Analytic Services Report

Sponsored by FTI Consulting

Fill out the form below to download the Harvard Business Review Analytic Services Report
By clicking submit you consent for your details to be used by FTI Consulting LLP for marketing their services and future events to you. You may withdraw this consent at any time via their preference centre or selecting the unsubscribe option at the bottom of any email you receive. For further information about how FTI Consulting LLP process personal data and your rights in relation to their processing of your personal data, please see their privacy policy.
In today’s corporate environment, it is commonplace to outsource business operations functions to third-party suppliers for increased efficiency and to optimize internal resources. However, the added outsourcing benefits also carry significant cyber risk, as these connected entities can serve as an access point for cyber actors.

Third-party cyber risk is a unique issue in that while most organizations are aware of the significant threat it poses, many fail to implement an adequate risk mitigation strategy. Organizations are unprepared, and there is a disconnect between having awareness of a problem and the ability to manage it.

Furthermore, it is not always clear who ultimately is responsible for proper cybersecurity in this situation. The third-party supplier may assume that the organization who hired them is properly protected, and therefore, they are secure as well. Meanwhile, third-party suppliers have vendors of their own, and it is possible that these “fourth-party suppliers” are in fact inadvertently granted access to the sensitive data of the original hiring organization.

Many organizations believe the answer to this problem is achieving compliance, but compliance alone does not address new threats. If you protect against what has already happened and fail to prepare for what is yet to come, you will forever be vulnerable. Cyber actors are constantly evolving and developing new attack methods, demonstrating the need for protections to also follow this more agile, evolutionary path.

Relying on a pure compliance approach creates a false sense of security. Moving beyond this and attempting to tackle the seemingly endless access points cyber actors seek to exploit may sound daunting. It is our hope that our sponsored research from Harvard Business Review Analytic Services serves as an empowering blueprint for the steps your organization can take today, and demonstrates why third-party cyber risk should be viewed in the same way as more traditional organizational risk, such as financial risk.

The report that follows details how organizations can implement proper third-party cyber risk mitigation strategies, including helping bolster the security of their suppliers. We encourage you to read on and delve into the insightful data on this important topic.
Addressing Third-Party Cyber Risk: Moving Beyond a False Sense of Security
  • The Attack Onslaught
  • Vetting Suppliers' Security
  • Identifying Attacks
  • Responding to Incidents
  • After the Breach
  • Fortifying Relationships with Suppliers
  • Conclusion
FTI Cybersecurity takes an intelligence-led, expert-driven, strategic approach to global cybersecurity challenges affecting organizations – their people, their operations, and their reputation. We are a global leading provider of independent cyber and risk management advisory services with a core offering focused on cyber readiness, incident response, and complex investigations. As an international company serving organizations across the globe, we build a safer future by helping businesses understand their own environments, harden their defenses, rapidly and precisely hunt threats, holistically respond to crises, and recover operations and reputation after an incident. Our team has a unique ability to include sector and industry expertise alongside our cybersecurity capabilities.
Privacy  |  Legal  |  Sitemap |  Locations
© 2021 FTI Consulting, Inc. All rights reserved.