Today, nearly every major business sector in some capacity relies on third parties. According to Deloitte’s 2022 Global Third-Party Risk Management Survey, 73% of respondents now have a moderate to high-level dependence on third-party cloud service providers, with that figure expected to rise to 88% in the coming years. While there are benefits to third party business relationships, including better efficiency, productivity, and meeting sustainability commitments — there are also risks that must be accounted for, particularly with regard to third-party related cyberattacks, data breaches, and other cyber incidents.
The IIA’s new Global Knowledge Brief on Cybersecurity, a three-part series produced in collaboration with AuditBoard, discusses the importance of third-party risk management (TPRM). Part 3: Cybersecurity Third-Party Risk Management explores the significance of cyber risks associated with third parties as well as how internal auditors can best approach third-party cyber risk management, including:
- The increase in the use of third parties and related security incidents.
- Reasons why organizations are struggling to keep up with third-party risks.
- Tips, strategies, and areas of focus for internal audit to successfully manage these risks.