
Concern rises over cyber attacks on suppliers
What CISOs Worry About in 2018- 44% of respondents predict that a supplier will misuse or share confidential information with other third parties.
- 42% worry most about a supplier data breach.
- 60% responded that their concern about experiencing a data breach caused by a supplier had increased since last year, with 21% indicating that their concern had increased significantly.
- 51% felt that they were likely to have a data breach in the coming year resulting from a “failure to control third parties' use of our sensitive data.”
- 42% felt that “visibility into the sensitive data accessed & used by third parties” could drive improvement to the organization's cybersecurity posture.
- What specific data is needed by a service provider?
- How is the data is exchanged with the provider?
- Where is the data is stored?
- Who has access to the data?
- What data needs to be retained?
- Recordkeepers
- Fund managers
- Third-party administrators (TPAs)
- Custodians
- Actuaries
- Auditors
- Trustees
- Advisors
- Consultants
- Other specialists, including automatic rollover and portability service providers

- Provider self-assessments and responses to your questions
- Independent audits (ex. – SOC 2)
- Third-party security services assessment
- Direct audits of providers
- Include standard, cybersecurity questions in your RFPs, and into RFP scoring
- Incorporate security provisions into services agreements
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.