Calculating Total Risk Across Third-Party Portfolios

With cybercrime-related costs expected to hit $6 trillion annually by 2021, according to Cybersecurity Ventures, and high-profile breaches continuing to make news headlines, more and more organizations fear that a single cyber-attack could suddenly put a stop to growth and profitability. Understanding breach likelihood is, of course, a critical element of successfully blocking attacks and ensuring business continuity.

If vendors in a third-party portfolio share common security weaknesses (Common Vulnerabilities and Exposures [CVE], for example), hackers can deploy malware to exploit the flaws across the board, ultimately causing multiple breaches within your vendor network and putting your enterprise at substantial risk. This is a correlated risk, similar to that faced by the mortgage industry in 2008, that can expose your business to compromise, even if the individual vendors in your ecosystem have reasonably good security hygiene.
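The effect of that correlation on the portfolio total can be shown with a small calculation. The following is an added example, not part of the original article: it finds the weaknesses shared by several vendors and compares the probability of several simultaneous breaches when vendors fail independently with the probability when one campaign against the shared weakness hits them together. The vendor names, placeholder weakness IDs, probabilities and the simple common-shock model are all assumptions chosen for illustration.

```python
from collections import defaultdict
from math import comb

# Constructed sample portfolio: vendor -> weakness IDs (placeholders, not real CVE numbers).
PORTFOLIO = {
    "vendor-a": {"CVE-PLACEHOLDER-1", "CVE-PLACEHOLDER-2"},
    "vendor-b": {"CVE-PLACEHOLDER-1"},
    "vendor-c": {"CVE-PLACEHOLDER-1", "CVE-PLACEHOLDER-3"},
    "vendor-d": {"CVE-PLACEHOLDER-1"},
    "vendor-e": {"CVE-PLACEHOLDER-2"},
    "vendor-f": set(),
}

def shared_weaknesses(portfolio):
    """Map each weakness to its exposed vendors, keeping only weaknesses shared by 2+ vendors."""
    exposed = defaultdict(set)
    for vendor, weaknesses in portfolio.items():
        for weakness in weaknesses:
            exposed[weakness].add(vendor)
    return {w: sorted(v) for w, v in exposed.items() if len(v) >= 2}

def tail_independent(n, p, k):
    """P(at least k of n vendors breached) when each is breached independently with probability p."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k, n + 1))

def tail_common_shock(n, p_campaign, p_hit, k):
    """P(at least k of n breached) when breaches require a campaign against the shared weakness
    (probability p_campaign), after which each vendor falls independently with probability p_hit."""
    return p_campaign * tail_independent(n, p_hit, k) if k > 0 else 1.0

def compare(portfolio, p_campaign=0.10, p_hit=0.50, k=3):
    """Compare both models for the most widely shared weakness (probabilities are assumed values)."""
    shared = shared_weaknesses(portfolio)
    weakness, vendors = max(shared.items(), key=lambda kv: (len(kv[1]), kv[0]))
    n = len(vendors)
    p_vendor = p_campaign * p_hit  # per-vendor breach probability is identical in both models
    return {
        "weakness": weakness,
        "vendors": n,
        "p_vendor": p_vendor,
        "independent": tail_independent(n, p_vendor, k),
        "correlated": tail_common_shock(n, p_campaign, p_hit, k),
    }

if __name__ == "__main__":
    print(compare(PORTFOLIO))
```

With these assumed inputs each vendor has the same 5% breach probability in both models, yet the chance of three or more of the four exposed vendors being breached together rises from about 0.05% to about 3.1%.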