Manage Third-Party Risk

Third-Party Complexity Drives Need for Efficient, Risk-Based Governance 

Common Questions About Third-Party Risk

Click the labels on the illustration to see what your peers are asking about third-party risk—and to learn how RSA can help. 

<b>70% of risk management professionals </b>characterize their organization as moderately to highly dependent on external entities.

70% of risk management professionals characterize their organization as moderately to highly dependent on external entities.


Source: Deloitte, “Reestablishing the Perimeter: Extending the risk management ecosystem”

<b>59% of companies </b>experienced a third-party data breach.

59% of companies experienced a third-party data breach.


Source: Ponemon Institute, “2018 Third-Party Data Risk Study”

Only<b> 16% of companies </b>say they effectively mitigate third-party risks.

Only 16% of companies say they effectively mitigate third-party risks.


Source: Ponemon Institute, “2018 Third-Party Data Risk Study”

The Challenges with Managing Third Parties in the Era of Digital Transformation

  • Going digital: Digital transformation expands organizations’ third-party ecosystems, making them more complex and difficult to manage. Meanwhile, cybercriminals are exploiting vulnerabilities created with the expansion of third-party supply chains.
  • Lack of visibility: The scope and complexity of today’s third-party ecosystems make it harder for executives to proactively identify and manage the security, access, compliance, resiliency and other risks stemming from partners, and thus, understand their third-party risk exposure.
  • Regulatory pressure: Global regulations put additional pressure on organizations to better manage third-party risks.

Best Practices for Managing Third-Party Risk

  • Implement a programmatic approach to identify, catalog, assess, treat and monitor third-party risk and performance. Understand which third parties create the most risk for your organization.
  • Manage third parties’ access to your internal systems, data, and consumer-facing systems to ensure they don’t have excess access privileges.
  • Monitor your entire IT environment so that you can rapidly detect and respond to the security and fraud threats that third-party partners and technologies may introduce.

Additional Resources to Help You Get Started

<b>Third-Party Risk: The Soft Underbelly of Cybersecurity</b>

Third-Party Risk: The Soft Underbelly of Cybersecurity

Tech journalist David Strom shares eight tips for mitigating third-party security risks. Do you have these controls in place?

<b>RSA Risk Framework for Third-Party Risk</b>

RSA Risk Framework for Third-Party Risk

Find out how RSA can help you assess and mature your organization’s third-party risk management and governance capabilities.

<b>Ignite Your Third-Party Governance Program</b>

Ignite Your Third-Party Governance Program

Learn to get a third-party governance program off the ground quickly and avoid common pitfalls along the way.

A Word From Our Customers

Eastern Bank

Martha Dean, senior vice president and director of operational risk and information security, explains how RSA Archer® Suite helps Eastern Bank assess the risks associated with new products, services, applications and third-party partners.

Eastern Bank