Managing Vendor Cyber Risks: How Businesses Can Mitigate Third-Party Failures

On Wednesday, businesses worldwide experienced disruptions when Slack, a popular workplace communication tool, went offline due to a technical issue. The outage, which lasted several hours, forced teams to rely on alternative communication methods such as emails, phone calls, or in-person discussions. While the incident was quickly resolved, it highlighted a broader issue—businesses’ growing dependence on third-party software providers and the risks associated with their failures. 

While Slack’s downtime was inconvenient, other recent outages have had more severe consequences. In early 2024, Change Healthcare, a payment processing provider under UnitedHealth Group, suffered a ransomware attack that disrupted medical billing nationwide. Healthcare providers struggled to process insurance claims, delaying patient care and, in some cases, resorting to handwritten billing records. A few months later, CDK Global, a software provider used by car dealerships, was hacked, causing widespread operational shutdowns across the auto sales industry. 

In July, a major issue with cybersecurity firm CrowdStrike led to massive flight cancellations, grounding thousands of travelers worldwide.

These incidents demonstrate how companies, even with strong internal security measures, remain vulnerable to the weaknesses of their vendors. Cyber insurance and risk management company Resilience reported that in 2024, nearly one-third of the claims it processed were related to vendor-based cyber incidents, including outages and ransomware attacks.&nb

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.