Are your Third-Party Vendors dangerous?
FROM THE DESK OF TODD SWARTZMAN, RealTime CISO
I had an informative call recently with a cyber insurance risk manager, and he mentioned that one of the primary drivers of the increasingly growing number of cyber insurance claims is what is known as contingent exposure. Contingent exposure refers to third-party risk. These are the potential risks that your own vendors, (along with their various processes, staff members, and even their own vendors) may inadvertently introduce to your business simply because you are a customer or a partner of theirs.
Many of us have experienced the repercussions of this on the personal side because of the significant CDK and Change Healthcare data breaches that occurred this year. Let’s not forget the disruption caused by CrowdStrike, which resulted in delayed flights for several days. While these companies directly faced these serious issues, many of us ended up suffering from the fallout in terms of lost time, increased frustrations, and, in some cases, delayed payments related to insurance claims. All this reinforces the importance of carefully considering how your business can better manage its third-party risks.
HOW TO MANAGE THIRD-PARTY RISKS
Managing third-party risks can often be as straightforward as simply asking vendors if they have a robust cybersecurity plan in place, including comprehensive cyber insurance coverage. This practice not only helps in assessing the overall security posture of these vendors but also ensures that they are prepared for potential cyber incidents. The cost of cyber insurance rates can be expected to rise this year due to the substantial claims that have been filed by Change Healthcare and CDK, highlighting the increasing financial pressures on the insurance industry in light of recent data breaches and security challenges.
FINAL THOUGHT.
Make sure your business has cyber insurance and make sure all of your third-party vendors have a cybersecurity plan/cyber insurance. It’s really that simple.