This report provides Advanced Cyber Security Center executives weighing in on the Board’s role as a strategic partner to management in balancing digital transformations and cybersecurity risks.

Every organization, industry and economy around the world is confronting more risks than ever before. Considering this backdrop, it’s troubling that many organizations report that they may be less prepared than they have ever been. A key insight from Aon’s 2019 Global Risk Management Survey is that organizations need to be more prepared for the broad range of risks that threaten their ability to continue growing, protecting their brand and serving clients and stakeholders.

CyberGRX and Ponemon Institute surveyed over 600 IT security professionals to learn more about the cost and efficacy of the tools and processes used to conduct third-party cyber risk management today. The survey respondents come from a variety of industries and are all involved in managing their organizations’ third-party cyber risk management programs (TPCRM). All organizations represented in the study have TPCRM programs and believe it is critical to have cybersecurity risk management controls in place

This is the fifth annual report from the Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board. HCSEC is a facility in Banbury, Oxfordshire, belonging to Huawei Technologies (UK) Co Ltd (Huawei UK), whose parent company, Huawei Technologies Co Ltd, is a Chinese headquartered company which is now one of the world’s largest telecommunications providers.

The essays in this eBook provide a wealth of information and present an inside look at an aspect of cybersecurity that is still not well understood. I am certain that anyone responsible for critical industrial operations will benefit from the advice and experiences of those who have contributed to this eBook.

This paper offers insight and direction to election officials seeking to assess the security of their entire election ecosystem.

This report offers insight for institutions of higher learning seeking to understand that regulations and issues surrounding cybersecurity on campus.

The Internet of Things: A New Era of Third Party Risk was sponsored by Shared Assessments and conducted by Ponemon Institute to understand organizations’ level of awareness and preparedness for the upcoming enterprise IoT wave. We hope the research findings will help organizations address the risks associated with the proliferation of IoT devices. We surveyed 553 individuals who have a role in the risk management process and are familiar with the use of IoT devices in their organizations.

Outsourcing is a fact of life for healthcare organizations, from routine functions such as food services and laundry to regulatory compliance and clinical activities. Large numbers of vendors must be properly managed in order to reduce clinical, financial and regulatory risk. This paper discusses how to reduce complexity in third-party vendor risk management, and how to turn uncertainty and confusion into efficiency and confidence.

This report offers insights into why a CSIRT is crucial in today’s world. It provides some helpful tips and steps that can improve any organization’s response team.

From the Report, “When you are faced with multiple risks and regulatory requirements, as well as constantly-changing industry trends, how do you connect the dots? How do you bring all this information together in a way that is meaningful to your organization? MetricStream Research offers you a range of cutting-edge GRC research reports, insights, and analyses that empower you to make informed and effective decisions on your GRC Journey®. Through primary and secondary research, we analyze the latest GRC trends and developments, and transform this data into the intelligence you need to drive exceptional performance.”

This paper recognizes the growing evolution of compliance programs, and asks the question how can we use those events as a trigger for growth? They offer a few best practices that can help organizations make their compliance program an enabler for growth.

“The future of GRC will not just be about managing known risks or monitoring compliance. It will be about sustaining an organization’s social license to operate.”

This report takes a look at the risk involved with third party cybersecurity issues.

Aon’s Cyber Solutions explores eight specific risks that organizations may face in 2019 no matter where they are on their digital journey.

This survey, conducted by Forrester Consulting on behalf of BitSight, offers insight in to the critical role that Vendors play in key business functions and how they can create security risks and issues.

The State of Payment Processing & Fraud: 2018 Inaugural Survey & Report is a first-of-its kind study brought to you by Kount and The Fraud Practice. The inaugural survey reached hundreds of acquirers, processors, gateways, payment facilitators and issuers to get their take on the state of the industry and what is most critical for attracting and retaining clients and growing processing volumes.

From the report, “The 2018 Mobile Payments and Fraud Survey marks the sixth consecutive year of this study. This year’s report, with nearly 600 merchant respondents, is focused on understanding the growth, challenges and developments in the mobile channel. The report also set out to provide a better understanding of how the mobile market has evolved since the inaugural survey report in 2013.”

Kount and The Fraud Practice designed the State of CNP False Positives survey because false positives are one of the least, if not the least, understood aspects of risk management. While merchants tend to focus directly on chargebacks and fraud losses, false positives are another major source of lost revenue but are often underestimated if not ignored altogether.

The Fraud Prevention Industry Benchmarks Survey was focused specifically on merchants doing business in the Card or Customer Not Present (CNP) channel. This study was designed to gain insights and information for comparison of key performance indicators (KPIs) such as manual review rates, chargeback rates, false positive rates and other metrics across different types of merchants, while the analysis report is intended to serve as an industry resource and point-of-reference for organizations looking to benchmark and compare the performance of their fraud prevention strategy against others in their vertical.

Abstract: Enterprises increasingly operate in a digitally interconnected world where third parties like suppliers, customers, channel partners, and others are often directly connected to their internal IT systems, and where their underlying IT infrastructure may be owned and managed by an outside organization. These business relationships can knowingly or unknowingly introduce different types of risks that need to be identified and managed as if these third parties were part of the enterprise itself. Recorded Future’s latest risk intelligence offering enables threat intelligence teams to better understand, monitor, and measure their real-time exposure to these third-party risks. Armed with this information, organizations can better assess and prioritize risk mitigation actions.