Stratia Cyber: The third-party data breach problem …
General Electric, T-Mobile, Chubb, Amazon, eBay, Spotify and PayPal.
All of these companies have one thing in common. They were all subject to data breaches due to their Third Parties being exploited.
The Ponemon Institute revealed that 53% of organisations have experienced one or more data breaches caused by a Third Party. These Third Parties are normally companies that support your practice such as Cloud Hosting, IT companies, SaaS companies, marketing, accounting or HR companies. Effectively any company that has access to your data in order to provide you a supporting service.
Mitigating this issue and protecting your reputation requires a proactive, measured and continuous approach.
The National Cyber Security Centre (NCSC) provides good practice on how to tackle this growing problem for companies and have split their 12 principles into 4 stages:
Understand the risks
Establish control
Check your arrangements
Continuous improvement.
Stratia Cyber are approved by the NCSC and are industry experts in risk assessment and assurance. We have carried out and implemented Third-Party assurance solutions to a number of clients across all industry sectors.
We are technology agnostic, so will only ever provide advice on what the most appropriate systems or controls are required to get control over your Third-Party cyber risk.
