Third-party cyber risks during periods of business disruption

Can Your Suppliers Keep Data Protected During Periods of Business Disruption?

15th June 2020 | Blog | AJ Thompson


When the unexpected happens, how can you control third-party cyber risk?

Global business runs on data

Around the world, enterprises increasingly depend on data-driven systems to support their operations. While digital transformation has lifted efficiency, cost-effectiveness and innovation to new heights across a wide range of industries, the growing importance of IT to drive day-to-day operations introduces significant business risk in the event of a disaster scenario.

In recent years, cyber resiliency has shot up the agenda in corporate board rooms—and for good reason. Many future-facing companies now acknowledge that breaches—however minor—are an inevitable cost of doing business in the digital world. The ability to prepare for, respond to and recover from attacks quickly is vital to mitigate the impact of these attacks when they occur.


Preparing for disaster scenarios

To strengthen cyber resiliency, it’s becoming more common for enterprises to have mature business continuity plans in place that lay out precisely what steps should be taken in the event of an attack, which teams have responsibility for each set of tasks, and the recovery-time objectives for restoring normal operations. These are often elements in supplier risk assessments. When disaster strikes, you know you can count on these suppliers to get back up and running again quickly, and to keep your data protected.

However, the effectiveness of many business continuity plans depends on an attack happening during a typical working day, when teams have ready access to systems and personnel. If a breach happened during a period of significant business disruption, do you know if your suppliers and business partners would be able to continue to manage your data appropriately?

Understanding third-party cyber risk

When business-as-usual is interrupted, most enterprises have contingency plans that enable their employees to work remotely. Although some businesses have offered flexible working arrangements for decades—including corporate-managed devices and VPN services—other enterprises lack the experience, processes and systems required to enable a secure remote-working strategy. In a worst-case scenario, these companies may compromise their cyber security or inadvertently leave sensitive data exposed during normal remote operations. Some of these businesses may be your suppliers.

Adding to the potential risk is the fact that all your suppliers are likely to have their own network of partners via digital channels. If there are any weak links in this chain—such as lightly secured systems that are open to third parties—then your data may be even more exposed. If you only run supplier risk assessments once a year, how can you be sure that all your suppliers and third parties are maintaining appropriate security and access controls?

Gaining real-time risk insights

To ensure that your data is protected 24/7, it’s crucial to gain insight into your exposure to cyber risk across your entire network of suppliers and third parties. Answering this question involves analysing a large, complex and constantly changing technology ecosystem, which means that automation is critical to deliver a real-time view.

RiskXchange from Northdoor is the global standard for enterprise and third-party cyber risk score ratings and cyber risk analysis. RiskXchange provides a simple, automated and centralised risk management solution that enables organisations to automate supplier risk assessments and ensure that their suppliers and third-party partners are adopting and maintaining a strong security posture.

Through clear, real-time dashboards, RiskXchange enables you to monitor your exposure to risk over time. This capability is particularly valuable when your suppliers’ business continuity plans are put to the test—for example, if large numbers of employees must suddenly switch from working on desktop machines in an office to laptops and mobile devices from their homes.

To learn more about how RiskXchange can help you to understand extended cyber risks and take targeted action to protect your data, contact Northdoor today or read our RiskXchange page.

Organisations today face a complex array of IT security and data protection risks.

Cybercrime is on the increase, particularly as companies open up their systems to partners and customers, and legislation such as the GDPR places a heavy burden on organisations to understand and manage their data better.

Northdoor’s expert Security practice offers a consultant-led Threat-Analysis Exercise to help organisations understand today’s threat landscape, compare their current capabilities with those of their industry peers, and plan a best-practice enhancement programme.

By showing you where and how to invest, we can accelerate your legislative compliance, strengthen your cybersecurity posture and improve your data governance – rapidly and cost-effectively.

For more information and to arrange a no-obligation call-back, please complete the contact form.
