Startups Managing third-party cybersecurity risks that are too expensive to ignore • businessroundups.org Ana LopezFebruary 11, 20230195 views Jon Sieglerco-founder and chief product officer of LogicGatehas more than a decade of experience designing customer-centric enterprise risk and compliance systems. Many cybersecurity professionalsif not all, have experienced that “post-breach” feeling – the moment when you realize you need to tell your customers that their personal data may have been compromised because one of your suppliers suffered a data breach. Such situations also involve spending significant amounts of time and resources resolving a problem caused by a third party. No matter how well you clean up, the reputational damage to your organization will continue to cost you in lost business over time. The fact is, the consequences of not properly managing third-party risk are far too costly to ignore. The cost of ignoring cyber risks Ransomware attacks, data breaches and widespread IT outages ranked as the main risk concerns for companies worldwide. More than seven in ten organizations fear that third parties have too much control over customer data, including unnecessarily broad permissions and authorization. Of the 44% of organizations that reported a data breach last year, 75% said the breach stemmed from excessive third-party privileged access. Because they integrate so seamlessly with many aspects of modern organizations, the risks of third-party vendors are your risks. While third-party cyber risk management is essential to maintain customer trust, it is also becoming increasingly important for organizations looking to purchase cyber insurance. All it takes is an accidental email containing personal information sent to the wrong customer and basic standards for a data breach have been met. Add to that the various state and federal data laws and recovery costs, and it becomes clear why every organization could benefit from cyber insurance. As more business-to-business contracts include cyber insurance clauses, it is important to consider the impact security standards have on obtaining a policy. To put it plainly, the better your security standards are, the better your rates, especially at a time when Cyber insurance premiums are skyrocketing. Cyber insurance providers want to see you have high security standards before issuing a policy, so effective third-party risk management can mean the difference between potential insurers offering you a good rate or making you ineligible for coverage. How to manage third party risk An organization’s ability to proactively address third-party cyber risks depends on its risk management strategies. According to Forrester, 70% of enterprise decision makers agree that third-party risk is a business priority, but about 69% use manual processes in their third-party risk programs.