White Paper

Third-Party Risk in Standards & Regulations

July 2020

In today’s ever-changing environment, businesses rely on third parties to help drive their core activities. This dependence makes third parties, sometimes referred to as “suppliers” or “vendors”, an organic part of business processes.

Recent breaches affecting AMCA, CenturyLink, Capital One, Facebook, and Twitter all originated from a third-party website or platform supplier. These breaches exposed thousands, and in some cases millions, of records.

A recent survey conducted by the Ponemon Institute reveals that 59% of organizations have experienced one or more data breaches caused by a third party, costing an average of $7.5 million to remediate.

The cost of these breaches can include engaging forensic experts, hiring a law firm, and offering victims identity protection services, as well as reputation damage and regulatory fines, which together may add up to millions of dollars.

This financial burden could be devastating to small and medium businesses, putting some firms out of business. With record-breaking GDPR fines due to third-party breaches, whether the cause lies in the due-diligence process or in a malicious third-party script, it is time to take a closer look at regulations from a third-party perspective.