It is a scenario eerily familiar to our times. When one body is put at risk, so is everybody in contact with it.

Being part of a resilient community can reduce that risk. In epidemiology, it is called “herd immunity.” In cybersecurity, third-party risk management (TPRM) is supposed to provide it. In the same way a disease peters out when it cannot contaminate enough people, a breach cannot spread when its surroundings are secure.

But the “me versus them” mentality of standard TPRM approaches makes that resilience difficult to achieve. Third parties tend to be an afterthought in cybersecurity; fourth parties and beyond tend to be ignored entirely.

Businesses often assume that third-party risk can be managed based on the amount of data shared or its sensitivity. That assumption is not wholly misguided, but it ignores that a breach affecting some innocuous data can rapidly infect other areas. An ecosystem approach solves that by reorienting cybersecurity, and by extension TPRM, around a collective “us.”

This new approach to cyber resilience is timely.

The average cost of a data breach reported in IBM’s 2022 Cost of a Data Breach report is higher than ever at US$4.35 million, and almost one-fifth of the breaches resulted from a business partner being compromised. The costs and containment times of those breaches were higher than the averages across all breaches, and their identification times were longer.

This report offers the following perspectives to address the problem:

  • The status of TPRM in cybersecurity
  • Third-party value chains versus platform-based ecosystems
  • Balancing inherent risk with residual risk
  • Aspirational versus operational considerations
