In examining recent headline-worthy data breaches, it is not surprising to see that the companies that lost data were quick to shift the blame to a vendor: “Our security was fine. It was our vendor that dropped the ball.” This may be justified, as some companies that make headlines are not the ones responsible for the breach in the first place, yet the media turns the spotlight on them because they are more “recognizable” than the breached entity.

At a minimum, negligence in vendor selection and a lack of due diligence have the potential to create a publicity nightmare, if not hefty fines. Industry regulators are tiring of organizations “passing the buck” to their vendors. Instead, regulators are embracing the fact that vendor relationships, and the management of those relationships, are at the heart of cyber security, and that signing a contract does not transfer 100 percent of the risk inherent in a business venture. To avoid or control this risk, forward-thinking organizations are building robust vendor-management programs that periodically assess the risks, opportunities, and value of vendor relationships throughout the contract lifecycle.