KPMG recently hosted a third-party security roundtable for cyber leaders. We heard from a diverse range of voices on how third-party security functions are innovating to keep ahead of expectations from business, affiliates, vendors, regulators, and clients. Themes that emerged from this discussion included:
- Cracks are emerging in traditional approaches tp third-party security
- Regulators are paying increased interest into how organizations manage third-party security
- There is a widening divergence of approaches to risk management between regulated organizations and their third parties
- Tensions between third-party security programs and the business remain unsolved
- The current maturity of utilities does not provide a “one-stop shop”
- Organizations are incorporating threat intelligence into third-party security programs
- Organizations are rethinking hoe they share security information with their clients
This paper seeks to explain the emerging third party risks and the approaches companies can take to mitigate these cyber risks.
