An ecosystem approach to cyber resilience
A business is known by the companies it keeps
Published by Mastercard, August 2024
It is a scenario eerily reminiscent of recent times. When one body is put at risk, so is everybody in contact with it.
Being part of a resilient community can reduce that risk. In epidemiology, it is called “herd immunity.” In cybersecurity, third-party risk management (TPRM) is supposed to provide it. In the same way a disease peters out when it cannot contaminate enough people, a breach cannot spread when its surroundings are secure.
But the “me versus them” mentality of standard TPRM approaches makes that resilience difficult to achieve. Third parties tend to be an afterthought in cybersecurity; fourth parties and beyond tend to be ignored entirely.
Businesses often assume that third-party risk can be managed based on the amount of data shared or its sensitivity. That is not wholly misguided, but it ignores the fact that a breach affecting some innocuous data can rapidly infect other areas. An ecosystem approach solves that by reorienting cybersecurity, and by extension TPRM, around a collective “us.”