Employers that sponsor employee benefit plans (“EBP”) must deal with the danger of using third-party providers. But assessing vendors’ risks and interpreting their severity is challenging because breaches of their information systems can happen anytime.

The ability to track a vendor’s information technology resilience in real time solves the dilemma of monitoring mission-critical vendors and the cyber threats they face.

Nearly All EBP Vendors are Under Attack

A survey from multinational professional services network Deloitte notes that 87% of participating businesses experienced third-party incidents that “disrupted their operations,” and 11% experienced a relationship failure.

Such a capability also maintains up-to-date compliance records, streamlines communications, and can automate RFPs. Consistent vendor management enables EBP executives to enjoy increased transparency and reduced risks.

Vendor Tracking

Auditors from the U.S. Department of Labor (“DOL”) expect employers to assess the safety of their employee benefit plan service providers’ data systems. Yet when asked to respond to benefit plan committees’ inquiries, most vendors provide very few relevant details.

The answer to the challenge of uncovering the status of vendors’ data security methods is the artificial intelligence (“AI”) capability in Cyber-ProtectRC, which tests the performance of vendors’ networks 24/7 without the need for their cooperation or intervention.

Comprehensive Visibility

Ideally, an EBP’s cybersecurity capability can instantly assess, comprehend, and constantly monitor the security posture of any benefit plan vendor anywhere in the world. To provide an unbiased, outside-in assessment of an organization’s cybersecurity posture, it should collect information from around the internet without being intrusive on the vendors.

Focused Perception of Danger

Roland|Criss’ cybersecurity program for EBPs finds and scores a plan’s most vulnerable vendors in ten risk variables:

  • DNS health,
  • IP reputation,
  • web application security,
  • network security,
  • leaked data,
  • cubit score (a threat indicator),
  • hacker chatter,
  • endpoint security,
  • patching cadence, and
  • social engineering.

Our vendor tracking program provides an easy-to-read overall rating scale with “A” the best and “F” the worst.

Meaningful Metrics for Assessing Cyber Risk

Our machine learning-tuned risk factor weights, which optimize the correlation between our ratings and the relative breach likelihood, make better business and security decisions possible.

For example, vendors with an “F” rating are 7.7 times more likely than firms with an “A” rating to experience a breach, and vendors with a “C” rating are four times more likely to experience a breach than an “A” rated provider.

When vendor tracking and our EBP cyber risk assessment are combined, conformance with the DOL’s requirements is significantly enhanced.
