Third Party Cyber Risk – Is your business protected?
A Cyber Security Breaches Survey, undertaken in support of the government’s National Cyber Security Programme, reveals that whilst many businesses are demonstrating more robust protection around customer data, trade secrets and intellectual property following the introduction of GDPR, most are ignoring the cyber security risk presented by their third-party suppliers.
Reducing the chance of a data breach should form a fundamental part of the procurement process. Asking potential suppliers to confirm their cyber resilience and adherence to GDPR is a good starting point.
Once the procurement process is complete, businesses should map the flow, exchange and storage of critical organisational data by and with third parties and confirm who has access to information. This enables the adoption of appropriate risk mitigation strategies, ranging from firewalling, malware protection and regular software updates, through to listing all users with admin rights and sharing best practice for staff training and health checks.
Throughout the relationship, businesses should then continue to hold their suppliers to account. This might include asking them to complete self-assessments and regular audits; the level of scrutiny will depend on the sensitivity of the data and systems shared.
The handling of sensitive data at the end of a commercial relationship is equally important, and businesses should establish what actions will be taken to delete or safeguard the data once a partnership has been terminated.
With the number and size of cyber-attacks and data breaches increasing every year, it is becoming more important that businesses build robust third-party data security approaches.
Prevention is always better than cure, but it is equally important that businesses consider including Cyber Liability Insurance in their portfolio of insurance coverage. For further information on how to survive a cyber attack, download our factsheet.