One organization might implement solid cyber risk management strategies and ensure that their business partners do the same – but what about other firms that provide services organizations rely upon? A new report from BitSight takes a look at those “fourth party” connections that can be overlooked but that can cause trouble across a range of organizations.
“Many organizations are now focused on strengthening their own network security with firewalls, intrusion detection systems, identity management software, event log management tools, and more,” commented BitSight in the report, called “Risk Degrees of Separation: The Impact of Fourth Party Networks on Organizations.” “However, smart hackers and thieves have realized that the weakest point of entry into most organizations is through their vendors (third parties) and subcontractors (fourth parties). If a company shares data with its vendors or subcontractors then it may be at risk from data breaches at these organizations.”
This potentially unforeseen liability can result in added costs for an organization, regardless of the insight or oversight it might have into the cybersecurity of its contractors and subcontractors. The problem has implications for the insurance industry as well, as insurers struggle to measure the accumulation of cyber risk they accept.
This story in an excerpt of the original. The content originally appeared in Cyber Front Page News. To read the whole story, you must be a subscriber. Subscribe now.
Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].
