Vendor-Provided Resources

Working with third parties is essential to the success of almost every organization. But it also introduces numerous security risks and challenges. In the last year alone, 84% of security professionals experienced at least one significant disruption directly attributed to a third party. Organizations across all industries are quickly — and painfully — seeing gaps in their current security programs. We spoke with leading security experts across various operational functions, from CISOs to cyber risk managers to procurement leads, about their approach to working with third parties. 

Learn how to:

• Approach a TPRM program as an InfoSec professional

• Get buy-in from key stakeholders

• Leverage existing company resources and tools

• Implement a TPRM program across the organization

Venminder created this AI primer to help third-party risk managers gain a fundamental understanding of artificial intelligence to better understand some of the AI products, services, and risks that must be considered in their third-party risk management (TPRM) practices.

Through this piece, you'll gain valuable insights into managing financial evaluations, navigating economic volatility, supply chain disruptions, rising costs, and the impact of geopolitical events on credit and operational strength.

In a recent Aravo benchmarking survey, approximately 90% of respondents reported that their organization had experienced at least one incident related to third parties that either did or could have led to business disruption or reputational damage. This is up from 59% in 2020, and 75% in 2019. As the third-party risk management (TPRM) discipline evolves, regulators, investors, and other stakeholders want to know that organizations are managing risks and are resilient in the face of change. Organizations need the ability to quickly detect and respond to changes in the risk profiles of their third parties.

As a risk manager, you are likely familiar with the concept of certificates of insurance. But have you ever thought of leveraging machine learning to analyze those certificates? With the right technology, you can now throw away your spreadsheets and step into the future. Take a look at how Evident uses machine learning to analyze certificates of insurance.

In this white paper, the RiskRecon research team breaks down five important insights for better managing supply chain ransomware risk based on an analysis of over 1000 publicly disclosed ransomware events occurring from 2017-2022.

With the latest statement from the White House on responsible AI, it’s clear AI is firmly in the spotlight. Find out how your organization can establish a foundation to address AI risks.

Dominated by a few risk repositories and scorecards, the TPRM ecosystem’s solutions have left healthcare largely wanting—still facing the same challenges that inspired the solution search in the first place. So, what does it take the actually solve for third-party risk in healthcare? Turns out, this question is best answered by professionals who have worked in healthcare.

The recent failures of Silicon Valley Bank (SVB) and Signature Bank have raised concerns about the financial health and viability of financial institutions, as well as the companies that rely on them. This report explains the undercurrents that have caused the demise of these banks and further explores the implications for supply chains.

In their first annual Ransomware Threat Landscape Report, Black Kite Research conducted an analysis and gathering of ransomware attacks over the last year. The report examines the evolving landscape of ransomware attacks from April 1, 2022, to March 31, 2023, including 2,708 ransomware victims whose names were publicized by ransomware groups on their underground blogs.

Cyberattacks on healthcare's supply chain and critical vendors have been growing exponentially in the last several years. CORL has compiled the top vendor risk trends for 2023 to help you map out your defensive strategy heading into the new year.

When it comes to concentration and cascading risk, what you don’t know could hurt your organization. In their eBook, The True Impact of Concentration and Cascading Risk, Black Kite covers the basics of how to classify and prioritize these risks across your organization to effectively resolve and mitigate areas of unacceptably high risk. They also cover how to strengthen your TPRM with tools that help you automate the process of mitigating concentration and cascading risk.