Many organizations are not prepared to manage their own incidents and cyberattacks, let alone plan for third-party incidents and attacks. The same due diligence that organizations apply to their own incident response plans must be applied to sensitive data outsourced to third parties. That includes requiring third parties to demonstrate how they protect the data, maintain a mature incident response plan, test that plan, and provide strong contractual service level agreements to report compromises back to the organization.
This marks the second year that the Shared Assessments Program and Protiviti have partnered on this research, which is based on the comprehensive Vendor Risk Management Maturity Model (VRMMM) developed by the Shared Assessments Program. The program is a collaborative consortium of financial institutions, Big Four accounting firms, and third-party risk management leaders in insurance, brokerage, healthcare, retail and telecommunications, dedicated to helping organizations understand, manage and monitor vendor risk effectively and efficiently.