Are You Prepared For Your Vendor's Data Breach?

CSR Thoughts...

If you use a vendor in any capacity that allows them to receive, view, or transmit any of the personal data your business controls, your business must maintain active oversight of the vendor. It is important to remember that when a vendor performs a service or function, your business bears ultimate responsibility for compliance. With good vendor management, you can minimize the risk of less direct oversight or control and maximize the benefits gained through a well-managed vendor relationship.
CSR is committed to helping small and medium-sized businesses learn how to protect themselves from a data breach, including breaches caused by vendors.




Since the Target and Home Depot breaches were traced to intrusions at their vendors, the management of cybersecurity at third-party vendors has been a focus of companies and regulators. The FTC has flagged the issue, as has the SEC. The DoD has imposed strict cybersecurity requirements for contractors that "flow down" to sub-contractors.
But despite an increasing focus on the full lifecycle of third-party risk management, vendor incidents continue to represent a high percentage of reported data breaches. According to a March 2016 Ponemon Institute report, 49 percent of survey respondents indicated that their organization experienced a data breach caused by a vendor.