Latest news with #thirdpartyrisk
Zawya
3 days ago
- Business
- Zawya
KPMG report warns: Your business is only as secure as your weakest vendor
Riyadh, Saudi Arabia – As businesses increasingly rely on external partners to power their operations—from cloud services to logistics and software — a new report by KPMG Middle East urges leaders to pay closer attention to a growing but often overlooked vulnerability: third-party cyber risk. A new report titled 'As strong as your weakest link: Critical considerations in Third-Party Risk Management' explores how external vendors, while essential to business growth and efficiency, are becoming a major entry point for cyber threats. The message is simple but urgent: even if your company invests heavily in cybersecurity, a single weak link in your vendor chain can compromise it all. Recent examples—from high-profile data breaches to regulatory fines—reveal just how much damage can stem from gaps in third-party oversight. The report highlights that 73 percent of surveyed organizations admitted that inefficiencies in how they manage third-party risk have left them exposed to reputational damage. Alarmingly, nearly every company studied—98 percent—had at least one vendor suffer a cyber breach in the past two years. 'These aren't hypothetical risks—they're real, and they're growing,' said Ton Diemont, Partner and Head of Cybersecurity – Saudi Arabia, Jordan and Lebanon at KPMG Middle East. 'Attackers today are strategic. They don't just target big corporations directly. They look for the weakest partner in the supply chain and exploit the lack of visibility or oversight. That's why managing vendor relationships is no longer just a procurement concern—it's a business-wide priority.' The report sheds light on a number of recurring challenges. Many businesses continue to struggle with limited insight into their vendors' cybersecurity practices. Contracts often lack clarity on key issues like breach reporting or data protection, and small or mid-sized companies in particular may not have the resources to properly assess every third-party they work with. In some cases, vendors themselves rely on subcontractors—adding yet another layer of complexity. When something goes wrong, these blind spots can quickly lead to operational disruption, regulatory penalties, or loss of customer trust. While the risks are serious, the report also outlines a clear path forward. Companies that have taken a structured approach to third-party risk management—by thoroughly vetting vendors before onboarding, embedding cybersecurity requirements into contracts, and implementing continuous monitoring—have shown greater resilience and faster response when incidents occur. KPMG's experience advising organizations across the Middle East shows that those who treat vendor risk as a core governance issue, rather than a one-off compliance task, are better prepared to adapt as threats evolve. The report also looks to the future—specifically, how generative AI is transforming the way companies can manage third-party risks. By automating time-consuming tasks like contract reviews, compliance checks, and threat detection, AI is helping teams work smarter, respond faster, and reduce operational costs. 'This is a major shift,' adds Diemont. 'We're moving from reactive to proactive. Businesses that embed AI into their vendor risk processes are not only more secure—they're also more agile and cost-effective.' What's clear is that third-party risk is no longer just a technical issue—it's a strategic one. And in today's regulatory landscape, staying ahead of it is becoming non-negotiable. As countries like the UAE and Saudi Arabia strengthen compliance requirements, organizations that lack a strong third-party risk framework may find themselves falling short, not just in audits, but in trust. 'This isn't just about technology,' added Mohammed Alshaghdali, Associate Director and TPRM Lead at KPMG Middle East. 'It's about protecting relationships. When you secure your extended network—your vendors, partners, and suppliers—you're also safeguarding your customers, your reputation, and the future of your business.'
Associated Press
3 days ago
- Business
- Associated Press
Panorays to Adopt Google Cloud's AI Technology
Panorays Deploys Google Cloud's Generative AI Technology and Gemini Models into Its Third-Party Cybersecurity Platform New York, NY - Panorays, a leader in third-party cybersecurity risk management (TPCRM), proudly announces its integration of Google's Gemini models into its cybersecurity platform. Panorays will harness the power of Google's gen AI technology to automate its ability to determine and tier vendors and enhance the accuracy and efficiency of third-party risk assessments. Gemini models will help Panorays better evaluate the security positioning of its vendors through improved analysis capabilities. Addressing Third-Party Risk Management Challenges Traditionally, CISOs and security managers have faced challenges when evaluating third parties, such as time-consuming processes, limited visibility, insufficient information, and potential human errors in data entry. Panorays' integration with Gemini models aims to alleviate these issues. AI Answer Advisor Engineered with Gemini AI Answer Advisor, engineered with Gemini, streamlines cybersecurity questionnaires with one-click answers using publicly available data. It helps internal relationship owners complete third-party business information and assists third parties in filling out templates, ensuring a clearer definition of their business impact. Grounded, AI-driven responses help to find the most relevant and accurate answers. Panorays enhances this with Smart Match, which leverages internal third-party data, and Gemini recommendations, using publicly available information. By combining these two data sources, Panorays delivers reliable and transparent insights, strengthening user trust in the system's accuracy and performance. Key Benefits and Capabilities Commitment to Responsible AI and Data Privacy Panorays is dedicated to responsible AI, with privacy and accuracy as core tenets of its self-hosted, self-trained AI engine for third-party cyber risk management. This AI engine drives efficiency, accuracy, and robust risk modeling. By integrating Gemini models, Panorays enhances its platform with additional capabilities that leverage public data for operational processes, vendor tiering, and incident response. About Panorays Panorays is a global provider of third-party cybersecurity management software. Adopted by leading banking, insurance, financial services, and healthcare organizations, Panorays enables businesses to optimize their defenses for each unique third-party relationship. With personalized and adaptive third-party cyber risk management, Panorays helps businesses stay ahead of emerging threats and delivers actionable remediations with strategic advantages. The company serves enterprise and mid-market customers primarily in North America, the UK, and the EU, Headquartered in New York and Israel, with offices around the world, Panorays is funded by numerous international investors, including Aleph VC, Oak HC/FT, Greenfield Partners, BlueRed Partners (Singapore), StepStone Group, Moneta VC, Imperva Co-Founder Amichai Shulman and former CEO of Palo Alto Networks Lane Bess. Visit us at Media Contact Company Name: Panorays Contact Person: Brooke VanHest Email: Send Email Phone: 6102157445 Address:155 East 44th Street Suite 701 City: New York State: NY 10017 Country: United States Website: Source: PR Company
