Are your third-party risk assessments effective? If not, this session is for you. According to Cyber Risk Alliance research, out of 300 IT and cybersecurity decision-makers who work with third parties, 90% said they use assessments or questionnaires to conduct evaluations. Despite these risk identification efforts, 60% of these decision-makers reported an IT security incident as a result of a third party in the last two years. Why the disconnect? Are third-party risk assessments adding value? Or, are assessments just “part of the job”? The reality is that assessments are a time-consuming, yet critical piece of an effective third-party risk management program (TPRM). They help organizations identify third-party risks, however, they don’t solve the entire equation. What comes next after the risk is identified? How do we mitigate? And with hundreds, sometimes thousands of third parties, can we supplement assessments with other technologies to manage risks as they arise. In this session, we’ll explore these questions and layout 7 must-know best practices to conduct more meaningful third-party risk assessments.
1000 W Buena Vista Drive
Orlando, FL 32830
United States