Vendor management takes on a new life in cyber incidents and response. Did you know:
• In most states, vendors are not required to alert your bank of their internal cyber incident, unless the situation directly affects you or your customers?
• Research indicates vendors are responsible for more than 60% of organization breaches? Their failure led to the breach of one of their customers. Which of your vendors does this describe?
• Most assessments and security audits, such as SAS, only measures if the vendor has a response plan, not if it’s effective or adequate?
Hope is not lost. Through proactive planning and strong contract provisions, your bank can identify the true risk a critical vendor presents and more importantly, how to manage the risk.