Supply-Chain and Third-Party Risks

In brief: This tool helps directors consider where there may be gaps in the corporation’s cybersecurity due to third-party vulnerabilities. The piece provides key questions for directors to pose to management to ensure that third-party and supply-chain risks are addressed. This brief was written by Lisa Humbert, operational risk officer of the Americas, Bank of Tokyo Mitsubishi, MUFG, and Tim McKnight, chief security officer, SAP. It originally appeared in Cyber-Risk Oversight 2020: Key Principles and Practical Guidance for Corporate Boards.

This resource can help your board to 

  • pose questions to management to assess third-party and supply-chain risks,
  • provide oversight of the third-party risks to the corporation, and
  • consider the board’s understanding of supply-chain risks facing the corporation.

Most relevant audiences: Risk committee chairs and risk committee members