THIRD-PARTY RISKS: The cyber dimension
In April–May 2017 The Economist Intelligence Unit (EIU), on behalf of Deutsche Bank,
surveyed 300 senior corporate treasurers from across the globe, to find out how they are
responding to cyber risks and opportunities posed by third parties. Based on these
survey findings, this infographic explores where these evolving risks and opportunities
occur. It highlights what they may mean for the corporate treasurer in terms of reducing
identified vulnerabilities and exploring how they can stay ahead of cyber-criminals.
59% use both internal and external testing
33% only use internal testing
have methods for enforcing additional customer identification in high risk scenarios but in the following sectors the percentage is much lower:
83%
43%
of professional service firms
25%
of construction and real estate companies
44%
38%
of manufacturing companies are not checking
construction/real estate
38% of agricultural companies are not checking
of natural resource companies
47%
32% of energy companies are not checking
of respondents check legal compatibility but vulnerabilities remain
80%
25% agricultural
25% chemical
19% automotive
provide formal training for contract workers
of companies require formal training for corporate treasurer employees
provide formal training for third-party vendors
92% 77% 53%
How data is maintained impacts
business continuity.
Regulation is often blamed for increasing cost,
reducing efficiency and generally complicating business
relationships – and yet
RISK: CONTAGION RISKS CAN EMERGE FROM SECTORS WITH LOWER DUAL TESTING APPROACHES
SECTORS THAT HAVE DUAL TESTING
2
When it comes to using, sharing and keeping data, companies need to be certain of two things:
The information about individuals and companies has been authenticated as part of KYC and AML procedures
That they and their third-party suppliers are using the same data sovereignty laws
Not all companies in all sectors are checking that their suppliers are using the same identity authentication methods
3
To limit the threat of a data breach, access to confidential
information has to be controlled.
RISK: IF COMPANIES DO NOT HAVE AN IN-HOUSE PROCESS, IT MAY NOT ONLY EXPOSE THEM BUT ALSO THEIR CLIENTS TO UNNECESSARY RISKS
RISK: BY NOT PARTICIPATING, COMPANIES ARE MISSING OUT ON LEARNING WHICH STRATEGIES AND PRACTICES WORK BEST
93%
96%
of respondents have taken full steps over the past 12 months to ensure that there are employee access controls to confidential company information/documentation
of respondents have an in-house process to ensure limitations on third-party access to their systems data
4
5
of companies keep a complete inventory of all third-party suppliers that handle employee and customer data
85% of companies do not require third-party suppliers to have procedures in place to handle data breaches
20%
Cyber-security information sharing partnerships allow companies to exchange cyber-threat
information in a confidential way in real time which helps to increase awareness of risk.
of respondents participate in cyber-security information sharing partnerships with other financial institutions
of financial institutions participated in these partnerships
70%
78%
of respondents say financial regulation definitely has a positive effect when working with third parties
said it has a somewhat positive effect
39%
RISK: THIRD PARTIES THAT DO NOT COMPLY WITH CHANGES IN FINANCIAL REGULATIONS MAY LOSE CUSTOMER LOYALTY
AUTHENTICATION
EMPLOYEE & THIRD-PARTY ACCESS & TRAINING
DATA SECURITY
A REGULATORY SURPRISE
44%
PENETRATION TESTING – the use of simulations to determine what type of damage could result if IT systems are attacked from an internal or external source – is critical for a company’s health.
1
SECURITY TESTING
Source: The Economist Intelligence Unit survey, April–May 2017
Copyright: © The Economist Intelligence Unit, 2017

Infographic: Third-Party Risks: The cyber dimension
