Organisations once concerned with merely managing third parties are now working in a vast new risk-charged world — managing fourth, fifth and even sixth parties. These parties include a mix of cloud and IT providers, partners and affiliates that define today’s modern extended enterprise. Dani Michaux, EMA Cyber leader, explains.
Unlocking new ways to enhance supply chain capabilities and security in the digital era will likely spell the difference between success and failure. In The extended enterprise — securing the future, we examine today’s challenges and the emerging solutions that promise to help businesses implement modern supplier ecosystems that: reduce risk, build trust, improve privacy, drive ongoing innovation and manage compliance.
As challenging as it is today, identifying ecosystem risk is critical to understanding the potential threat to your organisation. Clarity on the following is critical:
While innovation and collaboration influence our ability to secure the ecosystem, consumer data’s vastly increased flow and accessibility are also creating significant new privacy challenges. Under a growing number of regulations across the globe — Europe’s GDPR, California’s Consumer Privacy Act, Brazil’s LGPD, to name a few — consumers and in some cases employees have gained legal rights to increased visibility, transparency and control of data that companies have collected or purchased. Meanwhile, the EU Court of Justice’s recent Schrems II case ruling will likely have a major impact on the transfer of personal data between the EU and the US.
From a consumer perspective, privacy advocates and laypeople alike are being enabled to make better choices about the companies they deal with and how effectively their data is being managed. From a corporate standpoint, timely and accurate fulfilment of such rights, especially at scale, has proven tremendously difficult. This is largely driven by two factors.
We need to consider methodologies that can better scope assessments, provide more continuous data and monitor those controls that are critical to the proper functioning of the service. However, KPMG's Third party Risk Management Outlook 2020 report identified that only 26 percent of businesses believe they have all the data needed to carry out required assessments. In addition, 37 percent of respondents cited technical barriers, such as incompatible systems, as obstacles to sharing third party data across the enterprise.
By working together, building a risk management, regulatory, privacy, resilience and technology framework, we can continue to evolve our ecosystems and reduce risk. We look forward to a new reality that allows much-needed innovation and progress to move at the speed of business.
Our global organisation of cyber security professionals offers a multidisciplinary view of risk. We help you carry security throughout your organisation, so you can anticipate tomorrow, move faster and get an edge with secure and trusted technology.
If you're interested in understanding ecosystem risk in your business, please contact Dani Michaux of our Cyber team. We'd be delighted to hear from you.