Proactively monitor third party data policies and day-to-day practices to ensure compliance with data privacy and security laws.
Cyberattacks and data breaches leap from the headlines daily, resulting in reputational damage, loss of customer trust, fines and significant remediation expenses. The Ponemon Institute’s 2016 Cost of Data Breach Study estimates the average consolidated total cost of a single data breach to be $4 million. There’s a growing list of data breaches that can be traced to third party suppliers, and the associated costs can be staggering:
Target – in 2013, hackers gained access to Target’s network via credentials stolen from a third party HVAC vendor. Around 40 million credit and debit card accounts were stolen. The total cost of the incident is estimated to be over $300 million.
AT&T Services Inc – in 2013, employees of an AT&T service provider violated privacy guidelines and, without authorization, obtained customer details that were allegedly used to request unlock codes for stolen mobile phones. As a result of the breach, AT&T agreed to settle an FCC investigation and pay a $25 million fine.
Home Depot – in 2014, Home Depot disclosed a breach perpetrated by hackers who initially compromised the system using credentials stolen from a third party vendor. The retailer has reported that the breach has already cost them $232 million, but Insurance Business America suggests that owing to litigation, this may reach into the billions.
In fact, various studies estimate that between 63% and 76% of all data breaches can be attributed to a third party vendor. While the problem is pervasive, failures are due to basic deficiencies, such as organizations not knowing all their third parties and what information they have access to, and a lack of regular and ongoing monitoring.
There are various data privacy laws that organizations must comply with, including U.S. State Level Privacy Breach Disclosure Laws, the General Data Protection Regulation, HIPAA and more.
The Aravo Data Privacy & Security Application allows you to implement, manage and enforce consistent and objective data protection compliance programs for all your third parties, regardless of scale. Best practice templates, distilled from working with Global 2000 companies, enable organizations to rapidly implement a control framework that mitigates key security risks, which can otherwise result in breaches, fines and reputational damage.
Rapid time to value with prebuilt configurations and reporting
Best practice workflows distilled from deep domain experience and global implementations for leading brands
Real time data protection compliance on a global scale
Full documentation and audit trail