Third-Party Risk Management: How to Grow a Mature ProgramDave Stapleton of CyberGRX on Building a Secure Vendor Risk Foundation
Enterprises globally recognize the challenge of third-party cyber risk, but they still struggle with the risk management. Dave Stapleton of CyberGRX discusses the elements of a mature program, including the role of risk ratings.
There are many reasons why enterprises struggle with third-party risk, says Stapleton, CISO at CyberGRX. And a big part of it is funding.
"A lot of people recognize that it's a must, but it's just not as sexy as some other cybersecurity issues," he says. "And I think it can be difficult to convince the executives or the boards to provide the funding that's needed to implement a truly mature program."
In an interview about growing a mature third-party cyber risk program, Stapleton discusses:
- Where enterprises commonly struggle;
- The role of risk-ratings services vs. validated inside out assessments;
- The key elements for building a mature program.