Managing third-party risks? Here’s how a holistic approach can help


This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Authors: Ali H. Asseri, Head, Cybersecurity Risk Management, Saudi Aramco; Mansur Abilkasimov, Director, Cybersecurity Governance, Schneider Electric; Dennis Frio, Managing Director, PwC; Filipe Beato, Lead, Centre for Cybersecurity, World Economic Forum


  • Supply chain attacks affect multiple global victims and have large economic and operational consequences;
  • The hyper-connectivity of industries makes it imperative for supply chain stakeholders to collaborate and align third-party risk governance practices, in particular when 60% of organizations have to manage more than 1,000 suppliers;
  • A collaborative, aligned and holistic approach is required to streamline the process and mitigate future risks while delivering cost and time efficiencies, multi-dimensional risk coverage and increased transparency.

Recent supply chain attacks compromising multiple large organizations across various industries have had dramatic operational, financial and reputational consequences. These events affect not just the victim but all stakeholders in the value chain, and they demonstrate the importance of taking a collaborative and holistic approach when managing third-party risks.

Managing third-party risks is challenging owing to the large number of suppliers that organizations have to onboard and manage (60% of organizations work with more than 1,000 third parties). Companies may have diverging requirements due to the singularity and the complexity of their business and business model. In the oil and gas industry, for example, the fast-paced digitization of manufacturing companies heightens the complexity of governing risk stemming from third parties within their supply chain.

Most third-party risk management approaches depend on the organization’s internal setup, culture and priorities. Current processes and requirements in the industry are still conservative and use resource-intensive methods. This hinders their ability to scale, as it leads to additional overheads in terms of business engagement, including building the capacity to onboard young organizations and start-ups with novel technologies.

Third-party risks in the oil and gas industry

Collaborative action and a holistic approach across stakeholders in the supply chain will provide multiple benefits to organizations.

The benefits of a holistic approach to risk management

The Cyber Resilience Oil and Gas community at the World Economic Forum defined such an approach based on four crucial recommendations to assess, evaluate and monitor third-party risks. These recommendations align the expectations of engagement from different stakeholders in the oil and gas industry.

We encourage organizations to consider the four following recommendations when managing third-party risks:

Recommendation 1: Establish common cybersecurity baseline requirements with third parties by following 10 key principles:

  • Govern third parties’ risk by establishing clear roles and responsibilities within the organization as well as ownership of risks;
  • Develop the cyber-literacy and education of employees handling third parties;
  • Establish access controls and management of critical assets for both employees and third-party contractors;
  • Implement change and configuration management specifically on the assets, information and facilities falling under the third party’s scope of engagement;
  • Require secure-by-design and by-default systems, services and interfaces;
  • Maintain response and recovery mechanisms by ensuring incident management, business continuity management (BCM) and disaster recovery planning (DRP) are in place, up-to-date and tested regularly following scenarios derived from intelligence and consequence-driven analysis;
  • Protect critical information while aligning with relevant regulations and policies;
  • Secure operational and physical environments by using leading safety practices;
  • Implement a secure development lifecycle of products, systems and tools;
  • Provide support for vulnerability management and patching.

Recommendation 2: Define and adopt an evaluation approach depending on the level of risk of products and services from suppliers by combining different evaluation methods. Choose the combination of methods based on their scalability and coverage, to achieve optimal risk coverage.

An approach for evaluating risk management

Recommendation 3: Continuously monitor and revise all third parties depending on the level of risk to the organization.

  • Agree on organizational-level standard cybersecurity contractual terms and conditions, using existing industry baseline language (for example, minimum cyber-requirements for all third parties) where possible;
  • On top of the standard contractual terms and conditions, institute more elaborate enhanced contractual terms based on the product/service type and how critical it is (for example, for IT and cloud vendors, operational technology organizations and marketing);
  • Use segmentation criteria or an internal inherent risk approach to assess the risks and determine the level of enhanced terms and conditions needed;
  • Consider the issues identified during the assessment process before executing the contract in order to adjust the terms and conditions for any changes in risk;
  • Engage with risk subject matter experts and the legal department throughout the negotiation process as an escalation path for clause negotiation.

Recommendation 4: Share, engage and continuously communicate with supply chain stakeholders to identify, monitor and mitigate cyber-risks more quickly and as a team.

  • Set a cadence to review the risk rating of the third party in order to capture any change in its risk profile or scope of engagement;
  • Perform a continuous and risk-based review of the nature, timing and extent of continuous monitoring activities;
  • Define criteria that would trigger ad-hoc assessment and audit activities, and if possible, automate the process;
  • Embed cybersecurity in business reviews with third parties and continuously communicate on the evolving risks and threat landscape;
  • Define reporting mechanisms to raise awareness and ensure timely and informed decisions by board and senior leadership, from oversight meetings to a performance scorecard and more.

To reach a cyber-resilient environment via a collaborative and risk-informed approach, the Cyber Risk Resilience in Oil and Gas community put forth a list of 39 baseline requirements and a common assessment approach to increase cybersecurity maturity and improve the effectiveness of how third-party risk is managed across the industry. This represents the first step of industry collaboration on this issue – will you align to this initiative?

