The Facebook $5bn FTC fine & the importance of third party risk assurance


Following the Facebook $5bn FTC fine and Nick Clegg’s comments about how the company was “Rocked to its very foundations” by the Cambridge Analytica scandal, Jake Holloway, Director at Crossword Cybersecurity, made the following comment on the importance of third party risk assurance, and why if it can happen to Facebook it can happen to anyone that uses third parties or has a supply chain : 

“Facebook may well be able to afford to pay its $5bn FTC fine, but if an unstoppable tech titan valued at nearly half a trillion dollars can say it has been ‘Rocked to its very foundations’ by the impact of security and privacy failings – what hope do other companies have?  Facebook is just one of countless examples where third party failings have severely damaged the reputation of the company that contracts them, and put them at the scrutiny of regulators.

Companies must have a framework in place that allows them to satisfy themselves, regulators, auditors, risk committees, shareholders and customers, that third party risks are being properly and regularly assessed.

Such a framework should prove to all stakeholders:

  • You have a systematic approach to managing third party risk
  • Each third party is risk assured on an impact-assessed basis
  • Impact and risk assessments are auditable and up-to-date
  • Third party risk is visible at the right level and mitigation plans are in place where necessary”