Blog
What is Fourth Party Risk?
Abstract shapeAbstract shape
Join 27,000+ cybersecurity newsletter subscribers

Every company outsources parts of its operations to multiple suppliers. Those suppliers, in turn, outsource their operations to other suppliers. This is fourth party risk. The risk to your company posed by suppliers' suppliers.

Another reason why vendor risk management is so important. 

But it can be confusing, can't it? The best way to frame it with a case study, so please read on!

You help look after Information Security at a manufacturing company.

Your company has got a policy for everything, including the policy to regularly maintain all the policies.

The cybersecurity staff training program you started is now underway, and you're becoming confident that employees are gradually learning not to open all the emails.

You're in the top 5% of InfoSec teams and use a risk scoring platform such as UpGuard Vendor Risk to scale your team with automation. You're scoring and monitoring your third-party vendors, and automating your vendor security questionnaires.

It's August 9th, 2018. You read UpGuard's report disclosing a breach at Level One Robotics. Very interesting, but you double-check your third-party vendors in Vendor Risk, and there's no possible impact as your company isn't directly engaging Level One. Third-party risk - zero.

But wait. You use Vendor Risk to drill down a bit deeper, and more facts emerge:

  • Vendor Risk tells you that Level One Robotics is using BlueHost, a web hosting company.
  • Your company has started a project to outsource web hosting to BlueHost.
  • This was a breach involving the rsync tool, possibly caused by misconfiguration of web-facing infrastructure.
  • You immediately notify the project team who begin making enquiries with BlueHost about the impact to the project.
  • You then prepare a set of security questions tailored to this type of risk for BlueHost to resolve. This is easy, because you are already automating vendor security questionnaires with Vendor Risk.

You've just managed your exposure to fourth party risk. It's not just your suppliers, but your suppliers' suppliers that matter.

 

fourth-party-risk

Fourth-party risk increases exponentially with your third-party vendors.

 

Fourth-party relationships can get really complicated, and quickly become exponential. If your company uses 30 third-party vendors, and each of them use 30 vendors. That's 900 vendors to monitor. A breach at just one of those vendors could cascade through to your business.

How UpGuard can help

UpGuard Vendor Risk's fourth party vendor monitoring helps you manage the increasingly complex world of third and fourth-party risk.

 

levelone-fourth-parties

UpGuard Vendor Risk helps you monitor your fourth-party risk exposure.

 

Using UpGuard Vendor Risk, you can quickly drill down to fourth-parties and monitor your exposure to their risks. By doing this, you're staying across this emerging problem, with our automation helping you your scale your team.

Free eBook

The Buyer's Guide to Third Party Risk Management

Are you looking at a solution to help your business manage third-party vendor risk? Learn about the capabilities you need to understand your cyber risk, manage your vendors, and avoid data breaches.
UpGuard logo in white
The Buyer's Guide to Third Party Risk Management
UpGuard free resources available for download
Learn more

Download our free ebooks and whitepapers

Insights on cybersecurity and vendor risk management.
UpGuard logo in white
eBooks, Reports & Whitepapers
UpGuard free resources available for download
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

See UpGuard In Action

Book a free, personalized onboarding call with one of our cybersecurity experts.
Abstract shapeAbstract shape

Related posts

Learn more about the latest issues in cybersecurity.

Sign up to our newsletter

Get curated cybersecurity news and updates in your inbox every week.
Abstract shapeAbstract shape
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
Website Security scan resultsWebsite Security scan ratingAbstract shape