Stay up to date on the latest vendor risk management news happening this month. Check out the articles below.
Recently Added Articles as of November 20
AI risk is growing as organizations weigh the potential for reputational damage. More than 70% of S&P 500 companies now disclose AI as a risk — up from just 12% two years ago — with most flagging reputational damage as their top concern, driven by fears of visible AI failures, biased outcomes, and rising regulatory scrutiny. Companies also highlight AI-related cybersecurity exposure, especially the growing dependence on third-party cloud and AI vendors that can introduce systemic vulnerabilities. Organizations need stronger AI governance, better documentation, and tighter vendor oversight to manage fast-evolving risks that span reputational, operational, and security pressures.
Cloudflare outage brings down websites, serves reminder of concentration risk. A major Cloudflare outage briefly knocked major websites and apps offline worldwide — from OpenAI and X to banks, streaming services, and even Cloudflare’s own dashboard — after an oversized auto-generated configuration file crashed part of its traffic-handling system. Services gradually recovered, but the incident underscored the risks of relying on a single provider for performance and protection, as one misstep can cause ripple effects across the internet. Cloudflare has since restored normal operations, but the outage serves as another reminder, following last month’s AWS disruption, that even top-tier infrastructure providers remain vulnerable to configuration errors and other routine failures.
Third-party data breach compromises Logitech information. Logitech confirmed a data breach affecting some employee, customer, and supplier information after attackers exploited a zero-day vulnerability in a third-party software platform, which has since been patched. The company says no sensitive personal data like credit card or national ID numbers appear to be impacted, and it expects no material effect on operations or finances, with response costs covered by cybersecurity insurance.
Staying prepared for major vendor outages. Recent outages at major cloud vendors like AWS, Azure, and Cloudflare have highlighted just how dependent businesses are on third-party cloud services and the widespread impacts when they fail. These disruptions caused millions of users to lose access to apps and services, generated significant financial losses, and underscored that uptime alone doesn’t guarantee operational continuity. Organizations should maintain robust incident-response plans, resilient hybrid or multi-cloud architectures, and regular tabletop exercises to test recovery, communication, and failover strategies. Strong planning and governance can minimize financial, operational, and reputational damage.
What smart security teams understand about TPRM. Third-party compromise is now one of the biggest attack vectors, and recent events like Snowflake and MOVEit show how a single weak control in a vendor can cascade across entire ecosystems. The organizations that sleep well at night are the ones that treat vendor risk as part of their security strategy — prioritizing critical partners, demanding transparency, baking controls into contracts, and building real resilience long before an incident hits.
Recently Added Articles as of November 13
Vendor relationships pose big cyber risks to financial institutions. The financial sector’s biggest cyber risks may lie in its tech supply chain, not the banks themselves, according to new research. Analyzing 41,000 institutions and 50,000 vendor relationships, researchers found suppliers performed worse than FIs in most cybersecurity categories, with larger providers often scoring lowest. Despite strict regulations, financial firms monitor only about a third of their vendors, and unmonitored suppliers were nearly three times more likely to have critical vulnerabilities. The takeaway: continuous, thorough third-party monitoring is vital to keeping the sector secure.
Combating AI cyber threats in the insurance industry. Insurance carriers must evolve their cybersecurity strategies to keep pace with fast-moving threats. Daily threat assessments, AI-driven automation, and continuous third-party risk management are critical to staying ready. It’s important to integrate defense solutions and automated responses to counter AI-powered cyberattacks. Proactive planning helps insurance companies stay ahead of new technological developments.
Hyundai subsidiary confirms data breach. Hyundai AutoEver America (HAEA), Hyundai’s North American IT-services subsidiary, confirmed a cyberattack that exposed sensitive customer data, including names, Social Security numbers, and driver’s licenses — potentially affecting up to 2.7 million people. To help mitigate risk, the company is offering two years of free identity theft and credit monitoring. This incident underscores the ongoing threat of third-party breaches, as even subsidiaries of major brands can become entry points for cybercriminals.
Evolving cybersecurity practices to keep up with today’s risks. As organizations rely on complex networks of vendors and cloud providers, a single weak link can disrupt operations worldwide. Traditional vendor checklists and annual audits no longer cut it. It's important to embed cybersecurity into procurement decisions, monitor vendors continuously, and adopt zero trust principles for third-party access. With AI introducing new risks, clear contract clauses and transparency are essential.
Recently Added Articles as of November 6
U.S. CISA and UK cyber agency issue guidance for operational technology systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and FBI, alongside the UK’s National Cyber Security Centre, released new joint guidance to help organizations strengthen cybersecurity for operational technology (OT) systems. It urges OT owners and operators to create a continually updated “definitive record” of all assets to improve visibility, manage third-party risks, and bolster resilience. It outlines five core principles, including maintaining accurate asset inventories, managing vendor connections, and implementing an OT information security management program.
Securing Internet of Things devices. Insecure Internet of Things (IoT) devices can create new entry points for cyberattacks and expand organizational risk. To mitigate these risks, treat IoT vendors like any other high-risk third party, requiring transparency, secure update practices, and clear accountability throughout the device lifecycle. Enforce strong security standards, including verified software bills of materials (SBOMs), tamper-proof logging, and tightly controlled vendor access.
Cultivating the right bank-fintech partnership. Bank-fintech partnerships offer powerful opportunities for growth, innovation, and expanded market access, but success hinges on three key factors: selecting the right partner, respecting regulatory requirements, and ensuring smooth technical integration. Conduct thorough due diligence, align culturally, and establish clear performance and compliance expectations. Strong governance, transparent data practices, and proactive third-party risk management are essential. When executed well, these partnerships combine fintech innovation with banks’ scale and regulatory expertise to deliver better services, resilience, and customer-centric solutions.
Why third-party risk is critical for SMBs to manage. Third-party risk is emerging as a major cybersecurity vulnerability for small and midsize businesses (SMBs), as vendors and service providers increasingly handle sensitive data and have network access. Outsourced IT, cloud apps, payroll, and other services can become gateways for attackers. Modern tools and standardized workflows make TPRM practical for SMBs, helping them identify gaps, prioritize risks, and maintain compliance, while also positioning service providers as strategic advisors and trusted partners in managing vendor-related cybersecurity threats.