Each new third party that is granted access to or resides on an internal network is a new vector through which a bad actor can attack and infiltrate the bank.Īccording to a recent report from the Ponemon Institute, an independent research organization focused on information security, 54 percent of the companies surveyed for the report have experienced a data breach caused by one of their third parties in the past year. However, the benefits of outsourcing these activities naturally come with added risk. Outsourcing certain activities often provides a cost-effective alternative to hiring specialized in-house staff. The range of services banks seek to outsource continues to grow as technologies evolve and the array of potential services continues to expand with the rise of financial technology, or fintech, partnerships. Third-party service providers are a fact of life in modern community banking. Third-Party Cybersecurity Risk Management - Updates for a Changing Risk Environmentīy Ray Bolton, Cyber Risk Management Specialist, Supervision and Regulation, Federal Reserve Bank of Chicago, Jennifer Judge, Cyber Risk Management Specialist, Supervision and Regulation, Federal Reserve Bank of Chicago, and Patrick McAntire, Senior Community, Regional, and Specialty Bank Examiner, Supervision and Regulation, Federal Reserve Bank of Chicago
