Guidelines for Third-Party Security Assessments

See how you can manage risks to protect your business from cyberattacks and crimes.
63 percent of all data breaches can be linked either directly or indirectly to third-party access, according to a recent survey.1
Hackers are increasingly targeting weak links in a business’s supply chain in order to tunnel their way into systems and networks, potentially gaining access to sensitive data that can cripple organizations of all sizes.
While 94 percent of business decision makers say they are moderately to extremely concerned about the impact cyber risk has on their firm,2 more focus needs to be placed on the evolving threat of third-party breaches. Here’s how you can protect yourself.

Managing Risk

  • Take an inventory of your third-party vendors. The first step in a third-party security assessment is documenting all vendors that your business partners with. While this can be a complex task for large organizations, it’s difficult to put a security plan in place without knowing all the players with network access.3
  • Know your vendor. Ensure vendors have security policies and disaster recovery plans in place and update them regularly. Confirm they routinely perform data backups and have redundant backup servers to avoid service interruptions in the event of a failure. Finally, check to see if they perform comprehensive background checks on employees with access to your data.4
  • Grant vendors the access they need and nothing more. Many vendors are given broad VPN permission when they only need access to a limited number of servers. Grant only the access they need to perform their specific tasks.5
  • Perform regular auditing. Regular security audits are imperative to staying on top of your vendors’ activity. Monitoring all movement on your network lets you identify vulnerabilities and weaknesses in a timely fashion.6

Role of Insurance

Even with a strong third-party security plan in place, your business can still be a victim of a costly data breach. Consider purchasing cyber liability coverage to protect your business. For more information, contact an agent from The Hartford, or visit our CyberChoice First Response product page. For technology-focused businesses, please visit the FailSafe technology E&O site.
As a policyholder of The Hartford, your organization has access to cybersecurity services and resources, including The Hartford’s Cyber Breach Helpline and CyberChoice First Responders, as well as employee training and education to help reduce your organization’s risk while ensuring delivery of its critical services. Visit The Hartford Cyber Center to learn more.
2 2019 Decision Maker 1H Pulse Survey
Links from this site to an external site, unaffiliated with The Hartford, may be provided for users' convenience only. The Hartford does not control or review these sites. The provision of any of these links does not imply The Hartford's endorsement of, or association with, those sites. The Hartford is not responsible for, and makes no representation or warranty regarding, the contents, completeness, accuracy or security of any material published on those sites. If you decide to access sites that do not belong to The Hartford, you do so at your own risk.
The Hartford Financial Services Group, Inc., (NYSE: HIG) operates through its subsidiaries, including the underwriting company Hartford Fire Insurance Company, under the brand name, The Hartford,® and is headquartered in Hartford, CT. For additional details, please read The Hartford’s legal notice at
The Hartford Staff
Our editorial team spans writers, researchers, product specialists and subject matter experts. We cover the intersection where best practices and business insights meet.