Concern rises over cyber attacks on suppliers

What CISOs Worry About in 2018
  • 44% of respondents predict that a supplier will misuse or share confidential information with other third parties.
  • 42% worry most about a supplier data breach.
  • 60% responded that their concern about experiencing a data breach caused by a supplier had increased since last year, with 21% indicating that their concern had increased significantly.
  • 51% felt that they were likely to have a data breach in the coming year resulting from a “failure to control third parties' use of our sensitive data.”
  • 42% felt that “visibility into the sensitive data accessed & used by third parties” could drive improvement to the organization's cybersecurity posture.

Cybersecurity Considerations for Benefit Plans
1. Understand the data you are protecting.
  • What specific data is needed by a service provider?
  • How is the data exchanged with the provider?
  • Where is the data stored?
  • Who has access to the data?
  • What data needs to be retained?
2. Keep an inventory of all benefit services provider relationships.
  • Recordkeepers
  • Fund managers
  • Third-party administrators (TPAs)
  • Custodians
  • Actuaries
  • Auditors
  • Trustees
  • Advisors
  • Consultants
  • Other specialists, including automatic rollover and portability service providers
3. Establish a framework for evaluating service providers' cybersecurity.
  • HITRUST 14 questions
4. Conduct provider assessments.
  • Provider self-assessments and responses to your questions
  • Independent audits (e.g., SOC 2)
  • Third-party security services assessment
  • Direct audits of providers
5. Incorporate the evaluation & assessment approach into future procurement activities.
  • Include standard cybersecurity questions in your RFPs and in RFP scoring
  • Incorporate security provisions into services agreements
Mike Goode RCH