Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
Are you and your company at the early stages of implementing a supplier risk management program — or are you just beginning to explore the idea? Either way, there’s a lot to learn when it comes to assessing your digital supply chain vendors for cyber risk, and it may feel a little bit daunting at first. Perhaps you’re a bit afraid to ask some of the more basic questions that have you stumped.
How is one questionnaire different from another, and how do you decide which ones to use in vendor risk assessments? We compare CAIQ vs. SIG.
You've worked hard all year to prioritize your organization's resources to tackle the riskiest vulnerabilities in your cybersecurity program. But when you bring your progress to the board of directors, excited to demonstrate your success, your reports about patched network configurations, DNS configurations, botnet sinkholes, and more are met with blank stares.
A strong, collaborative, and informed relationship between the Chief Information Security Officer (CISO) and the Board of Directors is essential for maintaining a robust cybersecurity program.
Learn how to improve supply chain resilience and combat third-party risk through continuous, automated monitoring of your vendors’ risk postures.
Vendors and third party partners are essential to helping your business grow and stay competitive. But outsourcing to third parties also dramatically increases your attack surface. A recent independent study by Opinion Matters found that 92% of U.S. organizations have experienced a breach that originated with a vendor.
In today’s business environment, companies are often focused on how to best use technology to acquire new customers and improve the customer experience, as these IT applications help generate revenue for the organizations. But every CISO knows the more IT infrastructure connected to a system, the larger the organization’s attack surface is—which translates to more cyber risk.
About 25 years ago, the evolution of the overall digital ecosystem necessitated the creation of the first CISO role. Now, 61% of companies have a CISO.
Recently, organizations were alerted to nearly 100,000 exposed ICS, potentially allowing an attacker to access and control physical infrastructure. Discover the risks.
When it comes to reporting to the board, there are plenty of tools at the CISO’s disposal. Looking at the right metrics and putting them in the right context can help turn your next board meeting into a source of confidence, not stress. Here are some helpful tips to create successful frameworks for your board reports.
In a recent Huffington Post article, Shared Assessments senior director Tom Garrubba discussed how third-party risk management has become an important topic to many executives and board members around the world. He recalls a conversation he had with Robin Jones, a member of the U.K.’s Financial Conduct Authority (FCA), during a conference in London. Jones expressed that his “unit [has been] paying renewed focus on technology resiliency and outsourcing.”
A recent report from Forrester called CISOs’ Tactics to Win Every Budget Battle suggests that companies turn towards “growing revenue, customer retention, and operating in specific verticals and regions” to gain security budget.
As cyber threats evolve and business models change, maintaining a mature cybersecurity program can be challenging. You need to be confident that your organization’s current security tools and techniques are effective.
Compliance vs. risk management: how your organization can unify its efforts to ensure cyber resilience.
These 14 cybersecurity analytics can help underwriters, insurance buyers, and security professionals make better cyber insurance decisions.