Skip to main content

About the author

Derek Duggan

Managing Director | Banks

Derek Duggan is Thomas Murray’s Managing Director, Banks. He originally joined Thomas Murray in 1995 as Head of Information Services. Derek now leads the large team that delivers our banking solutions. He’s responsible for our banking line of business, including all aspects of network management, client relationship management and sales.

In a perfect storm of inflation, war, and recovery from a global pandemic, organisations are facing unprecedented pressure on their supply chains. Amid the crisis, supply chain cyber risks cannot be ignored.

According to the Ponemon Institute, 60% of data breaches are caused by a company's suppliers and other third parties*; 58% of breaches target client data**. The conclusion? Never trust a company with your data without assessing their security first.

As a global organisation, we speak to hundreds of companies who use service providers to remain efficient and competitive.

Cyber risk should be treated like anti-money laundering (AML) and Know Your Customer (KYC) checks – you would never expose your company to terrorist financing or sanctioned individuals, so why would you open yourself up to companies with inadequate security?

Here are three ways every company can monitor their providers

  1. Due diligence
    IT security questionnaires are essential for understanding your providers’ controls, procedures, certification and history.
  2. Threat intelligence
    Many companies are now using threat intelligence to enhance their oversight with continuous monitoring of suppliers’ vulnerabilities, breaches, and other issues that could provide entry points to malicious actors.
  3. Escalation
    Sometimes monitoring is not enough. Where you encounter a high-risk organisation, you should act quickly to find out more, share intelligence and require them to build security. Where suppliers do not engage, you may need to terminate the relationship and avoid a potentially catastrophic security breach.

Thomas Murray’s risk platform includes due diligence and threat intelligence tools, so you can efficiently monitor your providers and build a secure network.

Orbit Diligence

Orbit Diligence

Automate your DDQ and RFI processes for a wide range of use cases, accessing a library of off-the-shelf questionnaires and risk frameworks.

Learn more

Contact an expert

Sarah Nelson

Sarah Nelson

Senior SaaS Sales Executive | SaaS sales

Phoebe Jordan , Managing Director | TPRM

Phoebe Jordan

Managing Director | TPRM