Our dependence on service providers and SaaS applications increases every year: HR, payroll, project management, business processes... Third-party risks directly threaten business operations. The approach is now fairly well established for CISOs. For all new suppliers, it is nece…
ARTICLE
Facing the growing threat, companies and organizations have no choice but to invest in their cybersecurity. In addition to technological tools for cyber risk management, taking out cyber insurance has become essential.
The consequences of a cyberattack are numerous, and being cov…
ARTICLE
In June 2024, 77 entities, including 10 French banks, fell victim to a remote access Trojan called "DroidBot." The Trojan was resold to cybercriminal networks, and more than 776 infections were detected in Western Europe within banking organizations, cryptocurrency platforms, and financial companie…
ARTICLE
The due diligence process, also known as reasonable diligence, is an essential in-depth investigation that companies must perform before establishing business relationships with third parties, particularly suppliers. This process often includes a supplier due diligence to assess …
ARTICLE
External Attack Surface Management (EASM): assess, prioritize, remediate
External Attack Surface Management (EASM) encompasses the practices, procedures, and tools aimed at mapping, monitoring, and securing all of a company’s digital assets exposed on the Internet. It provides or…
ARTICLE
How do you assess the cyber maturity of your supply chain?
Crédit Agricole has several thousand suppliers who do not all have the same level of cyber maturity. Large companies have anticipated and are following regulatory developments such as DORA, which establishes principles bu…
ARTICLE
Cyber risk management for suppliers: digital service providers face the dual challenge of compliance and performance
With the rise in cyberattacks and the introduction of new European regulations (NIS2, DORA, CRA), digital services companies (DSCs) are facing a strategic challen…
ARTICLE
In the healthcare sector, the security and confidentiality of personal data are essential issues. With this in mind, the Healthcare Data Hosting (HDS) certification was introduced to meet these requirements.
HDS certification aims to strengthen the protection of health data and e…
ARTICLE
Facing the digitalization of their activities, companies must now deal with a growing risk of cyber threats. Financial losses, theft of sensitive data, damage to brand image… the impacts of an incident are numerous. In 2024, the French National Cybersecurity Agency (ANSSI) observ…
ARTICLE
Why is cyber risk particularly critical in aviation?
The aviation sector is considered highly critical because the operational impact of an incident can be immediate and dramatic. If planes can no longer take off or land, the consequences extend far beyond the affected company: a…
ARTICLE
According to the 2025 TPRM Observatory conducted by CESIN and Board of Cyber, 82% of respondents now consider supplier-related cyber risk to be "important" or "very important"—a clear signal that the digital supply chain remains a major point of vulnerability. Another revealing i…
ARTICLE
Why has supplier risk become a major cybersecurity issue?
Supplier risk is significant, but it does not fully describe the challenges currently facing businesses. At AXA France, we mainly support SMEs and mid-cap companies, which are less focused on managing their supply chain th…
ARTICLE
NIS2 and Local Authorities: Towards concrete and shared compliance
The NIS2 directive, expected to be transposed into French law in September 2025, would impose new obligations on local and regional authorities, particularly those with more than 30,000 inhabitants. It would invol…
ARTICLE
Has cyber risk become a top-tier risk for an investment fund like Seven2?
Today, cyber risk is a major industrial risk. A mismatch between the level of risk and the resources deployed can lead to a serious incident. Action must therefore be taken on two levels: daily operations a…
ARTICLE
In today's digital age, protecting information systems is a priority for all organizations, regardless of their size (SMEs, mid-cap companies, large corporations) and their sector of activity (banking, insurance, manufacturing, automotive, aviation, logistics, agri-food, etc.). T…
ARTICLE
As a business, you rely on numerous suppliers and partners to carry out your activities. While outsourcing can be a source of agility and performance, it can also expose you to risks and lead to data loss or business interruption.
And the consequences can be far-reaching, affecti…
ARTICLE
TPRM (Third-Party Risk Management) is part of a proactive approach to monitoring and controlling risks associated with supplier failure. In a context where companies and government agencies rely heavily on external partners (IT service providers, SaaS publishers, HR firms, etc.),…
ARTICLE
6 contractual security clauses to limit supplier cyber risk.
Companies and government agencies are now totally dependent on their supplier chain for almost all of their activities. The reason is the impossibility of being efficient without…
ARTICLE
CESIN and Board of Cyber unveil the 2024 Observatory on Cyber Risks Linked to Suppliers
This second edition surveyed more than 100 cybersecurity leaders, members of CESIN, from organizations of all sizes and sectors, about how they manage supplier-related cyber risk — methods, to…
E-BOOK
Managing cyber risk associated with suppliers is now a strategic issue for all organisations.
In this third edition of the Supplier Cyber Risk Observatory, Board of Cyber and CESIN give a voice to more than 170 CISOs, CIOs, CTOs and compliance directors based in France.
Their fee…
E-BOOK