
Critical Steps in Managing Vendor Security Risk
2020-01-14 20:19

In light of recent ransomware and other cyberattacks against vendors serving numerous healthcare organizations, it's critical to develop and deploy comprehensive vendor risk management programs, says John Farley, managing director of the cyber practice at Arthur J. Gallagher & Co., a provider of cyber insurance and risk management consulting.

"It's very common that it's the vendor that gets hacked, and therefore you're going down. You're not the direct target of the cyberattack; it's your vendor," Farley says in an interview with Information Security Media Group.

In implementing a strong third-party security risk management program, "You're asking your vendors the same questions you ask of yourself in terms of data controls, data security - and requiring that in a contract," he says.

Farley, who has more than 20 years of experience in risk management, leads Arthur J. Gallagher & Co.'s cyber practice.

In this role, he assists clients across all industries in navigating the cyber insurance markets while providing guidance on emerging regulatory risk, cyberattack techniques, cyber risk prevention and data breach cost mitigation strategies.


News URL

https://www.inforisktoday.com/interviews/critical-steps-in-managing-vendor-security-risk-i-4573