Security news aggregator

Latest coverage for Third-Party Risk

Third-party risk concerns cybersecurity weaknesses in vendors and service providers that can expose connected organizations to breaches, outages, or data loss.

15 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Third-party risk is the security exposure created when an organization relies on external suppliers, contractors, cloud services, software providers, or business partners. These parties may process sensitive information, connect to internal systems, or supply software and services whose security the organization does not fully control. The tag generally covers cyber, privacy, and operational risks arising from those relationships, including dependencies on a provider’s own suppliers.

Security-relevant concerns include excessive or poorly governed third-party access, vulnerabilities in supplied software or services, and inadequate protection of shared personal or business data. Useful controls include assessing a provider’s security before onboarding, limiting and reviewing access, requiring vulnerability and incident-notification practices in contracts, monitoring material changes, and promptly removing access when a relationship ends. During an incident, organizations may need provider logs, evidence, and coordinated response actions; clear ownership and communication paths are therefore important.

Volume over time

Weekly headline count for the current query.

Showing 15 most recent headlines Filtered view
Bank Info Security 3 months, 3 weeks ago

Why CISOs Need to Start Taking AI Third-Party Risk Seriously

Keyrock CISO David Cass on Managing Agentic AI Risk in Financial ServicesAs financial institutions accelerate AI adoption, traditional governance models are falling short. David Cass, CISO at Keyrock, explains why organizations must rethink accountability, asset visibility and identity controls to manage emerging risks from LLMs and agentic AI systems.

Claroty's Sean Tufts on Security Issues Facing Critical Infrastructure ProvidersThird-party risks are creating new challenges for critical infrastructure providers, and that could lead to new regulations for securing cyber-physical systems, said Sean Tufts, field CTO at Claroty. Claroty's recent survey shows that cyber professionals are facing an uncertain regulatory landscape.

Bank Info Security 8 months, 2 weeks ago

Searchlight Cyber Buys Intangic to Help Quantify Cyber Risk

European Startup Acquisition Aims to Unify Technical and Financial Cyber InsightsThe acquisition of Intangic enhances Searchlight Cyber's ability to quantify and price cyber risk by leveraging AI and dark web intelligence. The combined platform will offer actionable third-party risk data for CISOs, CFOs and insurance providers to better understand and manage cyber exposure.

Bank Info Security 8 months, 3 weeks ago

Island Hopping on AI Tools: The New Cyberthreat Reality

HITRUST's Tom Kellermann on Third-Party Risk, Defending Against Persistent AccessIsland hopping, AI poisoning and access mining are reshaping cyber risk. Tom Kellermann of HITRUST says organizations must modernize third-party risk management practices and assess AI environments to stop attackers from using trusted infrastructure as a launch pad for broader campaigns.

Bank Info Security 9 months, 1 week ago

Free Healthcare 'Toolkit' Ranks and Maps Third-Party Risk

Guide Helps Teams Prioritize, Recognizing Not All Vendors Pose Same Level of RiskThird-party security risk is among the most complicated challenges facing the healthcare sector because of the wide variety of vendors involved and the critical products and services they provide. A new Health Sector Coordinating Council toolkit aims to help entities navigate those difficulties.

HyperComply's AI Automation Reduces Vendor RFP Questionnaire Work by 92%SecurityScorecard is acquiring HyperComply to streamline third-party risk assessments with AI that automates most security questionnaire responses. The deal supports SecurityScorecard’s shift from ratings-only to a full solutions platform for mitigating supply chain risk.

Bank Info Security 11 months ago

Third-Party Risk Set to Reshape AI Security

Lytical Ventures' Taylor Margot on Autonomous Agents and New AI DefensesAs AI shifts toward autonomous agents, organizations face growing exposure from third-party systems. Strong permissioning, data orchestration and new defenses are essential to protect against opaque and potentially costly security risks, said Taylor Margot, partner at Lytical Ventures.

Bank Info Security 1 year, 1 month ago

How to Get a Clearer Picture of Vendor Risk

Experts Call for Continuous Assessments of Vendor Risk - Not Just at OnboardingAs vendor ecosystems grow in complexity, many organizations still view third-party risk management as a static assessment of vendors as they're onboarded. But organizations often focus too heavily on upfront vetting of vendors and fail to track how their risk profiles may change over time.

Bank Info Security 1 year, 8 months ago

ISMG Summit Highlights Growing Third-Party Vendor Threats

Financial Services Experts Call for Stronger Focus on Third-Party Risk ManagementFinancial services leaders and cybersecurity experts said at Information Security Media Group’s 2024 Financial Services Summit that third-party vendor security risks required the need for proactive, multi-layered security frameworks to combat the growing threat landscape.

Automation, Improved Data Validation Reduce False Positives for Cyber Risk RatingsBy improving data validation and incorporating automation, cyber risk ratings platforms are addressing trust issues and enhancing their role in third-party risk management. Bitsight and SecurityScorecard continue to lead the market, Forrester said, and Panorays became a leader.