Infosecurity Europe 2021 - What do we prioritise to manage third party risks?

Response: We believe that there needs to be a focus on assessing not just security risks, but also operational resilience and liability risks in event of disruption of citizen-centric services. Third-party risk assessments should focus on holistic operational risks, including physical locations, people, processes, and cyber, for critical components of composite services in the entire ecosystem. The government needs to support third parties in terms of an approach to a consistent benchmark and a roadmap to upgrade their capabilities. Organisations must also ensure that the risk reduction strategies they put in place do not stifle innovation.