Our dependence on service providers and SaaS applications increases every year: HR, payroll, project management, business processes... Third-party risks directly threaten business operations. The approach is now fairly well established for CISOs. For all new suppliers, it is nece…
ARTICLE
Facing the growing threat, companies and organizations have no choice but to invest in their cybersecurity. In addition to technological tools for cyber risk management, taking out cyber insurance has become essential.
The consequences of a cyberattack are numerous, and being cov…
ARTICLE
In June 2024, 77 entities, including 10 French banks, fell victim to a remote access Trojan called "DroidBot." The malware was resold to cybercriminal networks, and more than 776 infections were detected in Western Europe within banking organizations, cryptocurrency platforms, and financial companie…
ARTICLE
The due diligence process, also known as reasonable diligence, is an essential in-depth investigation that companies must perform before establishing business relationships with third parties, particularly suppliers. This process often includes supplier due diligence to assess …
ARTICLE
External Attack Surface Management (EASM): assess, prioritize, remediate
External Attack Surface Management (EASM) encompasses the practices, procedures, and tools aimed at mapping, monitoring, and securing all of a company’s digital assets exposed on the Internet. It provides or…
ARTICLE
Cyber risk management for suppliers: digital service providers face the dual challenge of compliance and performance
With the rise in cyberattacks and the introduction of new European regulations (NIS2, DORA, CRA), digital services companies (DSCs) are facing a strategic challen…
ARTICLE
In the healthcare sector, the security and confidentiality of personal data are essential issues. With this in mind, the Healthcare Data Hosting (HDS) certification was introduced to meet these requirements.
HDS certification aims to strengthen the protection of health data and e…
ARTICLE
Facing the digitalization of their activities, companies must now deal with a growing risk of cyber threats. Financial losses, theft of sensitive data, damage to brand image… the impacts of an incident are numerous. In 2024, the French National Cybersecurity Agency (ANSSI) observ…
ARTICLE
NIS2 and Local Authorities: Towards concrete and shared compliance
The NIS2 directive, expected to be transposed into French law in September 2025, would impose new obligations on local and regional authorities, particularly those with more than 30,000 inhabitants. It would invol…
ARTICLE
In today's digital age, protecting information systems is a priority for all organizations, regardless of their size (SMEs, mid-cap companies, large corporations) and their sector of activity (banking, insurance, manufacturing, automotive, aviation, logistics, agri-food, etc.). T…
ARTICLE
As a business, you rely on numerous suppliers and partners to carry out your activities. While outsourcing can be a source of agility and performance, it can also expose you to risks and lead to data loss or business interruption.
And the consequences can be far-reaching, affecti…
ARTICLE
TPRM (Third-Party Risk Management) is part of a proactive approach to monitoring and controlling risks associated with supplier failure. In a context where companies and government agencies rely heavily on external partners (IT service providers, SaaS publishers, HR firms, etc.),…
ARTICLE
CESIN and Board of Cyber unveil the 2024 Observatory on Cyber Risks Linked to Suppliers
This second edition surveyed more than 100 cybersecurity leaders, members of CESIN, from organizations of all sizes and sectors, about how they manage supplier-related cyber risk — methods, to…
E-BOOK
Get your copy as soon as the report is released
Managing cyber risk associated with suppliers is now a strategic issue for all organisations.
In this third edition of the Supplier Cyber Risk Observatory, Board of Cyber and CESIN give a voice to more than 170 CISOs, CIOs, CTOs and…
E-BOOK