Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Vendors not keeping up on cyber risk management

Reprints
Vendors not keeping up on cyber risk management

Given the frequency and magnitude of cyber attacks, there is still a significant amount of risk management work to be done by vendors, says a benchmark study issued Wednesday.

“Vendor risk management programs require more substantive advances,” says the study issued by global consulting firm Protiviti Inc., a unit of Menlo Park, California-based Robert Half International Inc. and the Shared Assessments Program, which is a consortium of financial institutions, accounting firms and third-party risk management leaders.

The report was based on data from 450 c-suite executives, risk management and audit professionals who rated their organizations using a benchmark tool from the Shared Assessments Program that measures the quality and maturity of existing vendor risk management programs.

“The overall maturity rating for program governance in this year's survey (2.8 on a 5-point scale) should serve as a warning sign of the need for deeper changes that reach into organizational culture and behavior,” says the report, “2015 Vendor Risk Management Benchmark Study.”

Cyber security threats are “prominent challenges,” says the report, which states also that vendor risk management programs within financial services organizations are more mature compared to companies in insurance, health care and other industries.

Read Next

  • Lloyd's cyber study reveals insurers' aggregation risks

    A coordinated cyber attack on the U.S. power grid could cause large, but manageable, losses of about $21 billion for the insurance industry, according to a study published Wednesday that addresses the risks of aggregation.