Skip to content

Vendors and Cyber Risk

Answered by: 

Question: 
How do we include vendors in our Cyber Incident Response Plan? We don’t know their Plan.
Answer: 

Vendor management takes on a new life in cyber incidents and response. Did you know:
• In most states, vendors are not required to alert your bank of their internal cyber incident, unless the situation directly affects you or your customers?
• Research indicates vendors are responsible for more than 60% of organization breaches? Their failure led to the breach of one of their customers. Which of your vendors does this describe?
• Most assessments and security audits, such as SAS, only measures if the vendor has a response plan, not if it’s effective or adequate?

Hope is not lost. Through proactive planning and strong contract provisions, your bank can identify the true risk a critical vendor presents and more importantly, how to manage the risk.

First published on 05/13/2018

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Topics