The Higher Education Community Vendor Assessment Toolkit (HECVAT) has long served as the gold standard for third-party security evaluations in higher education. With the introduction of HECVAT 4.0, launching during Data Privacy Week in January 2025, institutions are...
The $8 million settlement in the Orrick security breach ranks among 2024’s most important data breach settlements. The case shows what it all means when companies don’t manage their third-party risk properly. Orrick LLP, a major law firm, faced a breach...
In 2023, 60% of healthcare data breaches were caused by third-party vendors, costing organizations an average of $10 million per incident. By 2024, the healthcare sector accounted for 28% of all third-party breaches across industries. These trends underscore the...
Cyber-attacks on the US power grid have exposed a concerning weakness: third-party vendors who can access critical infrastructure systems. Security experts tracked 23 major cyber-attacks that targeted energy sector suppliers in 2023. These vendors now represent a...
How big is your company’s attack surface? An organization must audit its third-party vendors for that question to be answered. The attack surface expands when organizations bring in a third-party vendor. More than half — 60% — of organizations work with more than...