Moody’s finds lack of progress in private, public sector management of third-party risks

Companies and government agencies in North America are failing to improve third-party cyber risk management practices, according to a new report from Moody’s Ratings, despite general trends reflecting adoption of best practices and growth of security budgets.

“[B]ucking the trend of improving cyber defenses is a lack of meaningful progress in assessing risks posed by third-party vendors. This is despite a number of high-profile attacks,” Moody’s says in a Thursday report.

The report says, “Apart from Financial Services and...