Articles | May 2, 2025

Third-Party Cyber Risk: Looking at Vendors’ Cybersecurity

By Jay Preall

Your vendors are a critical part of your success, especially if they provide services such as payroll, investing or actuarial. Managing them is an important part of strong cybersecurity practices because their helpful services could be putting you at risk.

It’s critical to ensure your vendors aren’t weak links. The more vendors you work with, the greater the chance you’ll be impacted by a cybersecurity incident affecting one of them. Compounding the risk is the fact that every vendor you work with likely works with other vendors, increasing the probability that you’ll be affected by an incident.

Get the Article

Third-Party Cyber Risk Looking at Vendors Cybersecurity Download Now

An article published in the Spring 2025 issue of PERSist, the newsletter of the National Conference on Public Employee Retirement Systems (NCPERS), which you can access from this page with their permission, discusses protocol for managing third-party cyber risk.

The article covers these practical tips:

  • Five things a vendor’s objective, third-party cybersecurity assessment should include
  • Seven key considerations for vendor contracts (including contracts between vendors) to ensure cybersecurity incident roles and responsibilities are clearly identified
  • Four steps for monitoring vendor performance to ensure contractual cybersecurity requirements are met

Managing your third-party cyber risk is part of the strong cybersecurity practices that keep your confidential data safe.

Interested in discussing how best to manage vendor cyber risk?

We can help. 

Get in Touch

See more insights

Businessman Discussing Technology Trends With A Group Of People

Artificial Intelligence and Plan Governance Considerations

Whether you prohibit or embrace workplace AI use, you need to develop a policy that provides clear guidance to your staff and mitigates risks.

Technology, Consulting Innovation, Architecture Engineering & Construction, Healthcare Industry, Higher Education, Public Sector, Multiemployer Plans, Corporate, Benefits Technology, ATC

Read Full Insight

A Duo Of Server Room Technicians Back At The Server Room

Mitigating Evolving Risks with Cyber Liability Insurance

With constant signs of cyber risks increasing, organizations need to move quickly to protect the private information of millions of plan participants.

Insurance, Cybersecurity consulting, Multiemployer Plans, Public Sector, Healthcare Industry, Higher Education, Architecture Engineering & Construction, ATC, Cyber Advisor, Cybersecurity Awareness Month

Read Full Insight

Asian Woman Discussing New Software With Colleague

Key Challenges in Maintaining Strong Cybersecurity Defenses

Staying on top of sophisticated cybersecurity threats is one of 5 key cyber challenges your organization faces. Gain insights on what actions to take.

ATC, Corporate, Architecture Engineering & Construction, Higher Education, Public Sector, Multiemployer Plans, Technology, Cybersecurity Awareness Month, Cybersecurity consulting

Read Full Insight

This page is for informational purposes only and does not constitute legal, tax or investment advice. You are encouraged to discuss the issues raised here with your legal, tax and other advisors before determining how the issues apply to your specific situations.