The next major security incident affecting your clients is unlikely to originate from within their own environment. Instead, it will stem from a trusted vendor, a SaaS platform adopted outside of IT’s visibility, or a subcontractor operating beyond formal oversight. This is the modern attack surface—and most organizations aren’t fully equipped to manage it. The … Read more
Third-party cybersecurity risk is no longer an emerging concern—it is a documented and escalating threat. A recent SecurityScorecard survey revealed that 71% of organizations experienced at least one material third-party cybersecurity incident in the past 12 months, with 5% reporting ten or more such events. Supporting data from the 2025 Verizon Data Breach Investigations Report … Read more
Third-Party Risk Management (TPRM) today prioritizes concerns of regulatory fines over strategy and operational directives for stronger security. By investing in a complete, targeted approach, organizations can elevate TPRM as an essential part of their security program strategies. Robust cybersecurity structures are critically important, and third-party risk management was once a vital component of these … Read more
A recent cybersecurity breach at the US Department of the Treasury, attributed to a Chinese state-backed actor, has raised serious concerns about supply chain security risks. This incident, which was traced back to vulnerabilities in a third-party remote tech support service, underscores the vulnerabilities of technology supply chains and the growing threat they pose to … Read more
By 2026, AI is expected to help 20% of organizations streamline their structures, potentially eliminating over half of current middle management roles. This shift is driven by AI’s ability to optimize decision-making and automate managerial tasks. Additionally, by 2027, up to 70% of new employee contracts could include provisions for AI-powered digital representations of their … Read more
Cybercriminals and hackers have increasingly exploited vulnerabilities in industry standard IT and security tools, leading to major security incidents. Incidents across multiple market segments highlight how quickly liabilities in widely used management tools can become targets for both state-sponsored groups and ransomware operators, underscoring the importance of safeguarding against supply chain cyberattacks. Certainly, supply chain … Read more
Effective Vendor Risk Management (VRM) is crucial for mitigating risks and protecting your business’s reputation. This involves identifying potential third-party vendors, conducting thorough assessments, and continuously monitoring their performance. What is Vendor Risk Management? Vendor risk management is an ongoing process of due diligence carried out before and after engaging with third-party suppliers. It aims … Read more
The number of cyberattacks is on the rise, and healthcare providers are a prime target. These attacks often come through third-party vendors, increasing the risk for healthcare organizations. The healthcare industry providers often rely on a complex network of vendors and subcontractors. This interconnectedness means a cyberattack on a vendor can easily migrate through the … Read more
Although Artificial Intelligence (AI) has been around for quite a while, the adoption and evolution of AI-related technologies has dramatically improved over the past year. AI can provide organizations with an easier way to manage third-party vendors and supplier risks and ensure compliance in this complex regulatory environment. Third Party Vendors: Opportunities and Challenges Organizations … Read more
The SEC is cracking down on SaaS security, holding public companies accountable for protecting data stored in SaaS systems and connected third-party apps. This shift reflects growing concerns about vulnerabilities in SaaS platforms and the potential impact on investors. Why is the SEC Focusing on SaaS? High Prevalence of Breaches: Despite companies feeling confident in … Read more
West Chester, PA January 12, 2024, Modevity, LLC, a leading Commercial Intelligence company established in 2004 specializing in Investigative Due Diligence Research and Vendor Risk Management (VRM) Services, announced today that the company signed a contract to support DMC Global a US based Engineered Products Manufacturer for Third-Party Vendor Risk Management Support. In this highly … Read more
Data analysis may seem like a technical role on a surface level, but the reality of the job is nuanced and vital to most business and technical operations. The analysis process involves more than crunching numbers; it requires an understanding of the human elements behind the data. Whether it’s analyzing customer behavior or detecting fraudulent … Read more
Ransomware attacks are a growing threat to hospitals, with the number of attacks increasing year over year. These attacks can have a devastating impact on hospitals, disrupting patient care, delaying critical procedures, and costing millions of dollars in damages. Hospitals are particularly attractive targets for ransomware gangs because they have substantial amounts of sensitive data, … Read more
Introduction Healthcare organizations have long been considered the cornerstone of public health and wellness, entrusted with the responsibility of caring for our physical well-being. In fulfilling this crucial role, the industry relies heavily on the competence and integrity of its workforce and critical vendors. However, recent incidents have revealed major flaws in healthcare hiring processes, … Read more
In today’s interconnected and technology-driven business ecosystem, cybersecurity is a paramount concern. As organizations continue to digitize their operations and data, the risk of cyberattacks looms large. While many businesses invest heavily in cybersecurity measures, a significant challenge persists—board members frequently struggle to understand cybersecurity risks. This knowledge gap poses a serious threat to businesses, … Read more
In recent years, the world of artificial intelligence (AI) has witnessed remarkable advancements that have reshaped industries, revolutionized processes, and elevated human capabilities. One of the most promising developments in this technology is Generative AI, a technology that holds the potential to deliver transformational benefits across various domains in the next couple of years. It … Read more
Modevity, LLC, founded in 2004 and headquartered in West Chester, PA, is a trusted provider of comprehensive Investigative Due Diligence Research Reporting Services that helps organizations make informed business decisions, and manage risks, across multiple organizational use cases and market segments. With our in-depth due diligence research, advanced technology platforms, and experienced data investigators, we … Read more
Vendor Risk Management has wide-ranging implications throughout an organization. The failure of a vendor to meet their obligations can have detrimental effects on a firm’s security, compliance, manufacturing processes, and customer support. While establishing a vendor’s baseline ‘risk’ profile is a fundamental step, continuous vendor monitoring for any changes becomes crucial for security, risk managers, … Read more
These risks associated with implementing AI systems must be acknowledged by organizations that want to use the technology ethically and with minimal risk as possible. Organizations in varied market segments have always had to manage risks associated with new technologies and solutions to support and expand their businesses. Certainly, they must do the same when … Read more
West Chester, PA April 24, 2023, Modevity, LLC, a leading Commercial Intelligence company established in 2004 specializing in Investigative Due Diligence Research and Vendor Risk Management (VRM) Services, announced that the company has a new client a National Historic Real-Estate Development Company. Modevity continues to expand its Investigative Due Diligence Research Reporting Services support for … Read more
Vendor Risk Management as a Service Hospital networks and healthcare providers are becoming more scrutinized than ever by government regulators about how organizations manage and evaluate Third-Party Risks of the vendors, suppliers, and contractors in their supply chain. Understanding how these regulations connect to third-party vendor risk is paramount to ensuring compliance, but also recognizing … Read more
Vendor Risk Management As a Service Modevity, LLC, a leading Commercial Intelligence company established in 2004 specializing in Investigative Due Diligence Research and Vendor Risk Management (VRM) Services, announced that the company is rolling out their Third-Party Vendor Risk Management Services Support to Captive Insurance Industry. Modevity provides an array of Third-Party Vendor Risk Management … Read more
Vendor Risk Management as a Service West Chester, PA February 28, 2023 Modevity, LLC, a leading Commercial Intelligence company established in 2004 specializing in Investigative Due Diligence Research and Vendor Risk Management (VRM) Services, announced today that the company signed a contract to support a US based Auto Finance Company with their Third-Party Vendor Risk … Read more
The US Treasury Department’s anti-money laundering unit recently issued a final rule that reveals which types of legal entities will be required to report information on their true, or “beneficial” ownership to Treasury The final rule is an attempt by the US government to lift the veil of anonymity offered by shell companies that has … Read more
Third-Party Vendor Risk Management (VRM) and KYC should be a critical component of any Captive Insurance Company’s overall risk management program. Captive insurers rely heavily on vendors for various functions, including technology solutions, actuarial services, and claims processing, etc. So, it is critical for those Captive Insurance companies to manage their third-party vendor risks to … Read more
Investing In Better IT Security to Protect Against Cyber-Attacks Will Make Organizations More Resilient Against Other Risks Including Third-Party Vendor Risk In 2023, companies in all market segments are now faced with the possibility of finding that they are unable to obtain a cyber security insurance policy since the volatility of cyber-attacks reaches new levels. … Read more
As we begin 2023, this year will be remembered as the year when cybersecurity strategies and procedures against escalating cyber threats becomes ever more challenging. No longer are organizations scrambling to stabilize their operations amid the disruption caused by the impact of the pandemic, but for all this talk of the “new normal,” the world … Read more
Senior management in most organizations in varied market segments recognize they are becoming increasingly reliant on third-party vendors to support critical business functions, but with the providing access to a business’s internal networks comes cyber risks and data breach threats. It is estimated that more than 50% of businesses using third-party vendors have experienced a … Read more
Most companies believe they are using no open-source software libraries with known vulnerabilities, but new research finds them in 68% of selected enterprise applications. In this regulatory and security centric business environment, the number of documented supply chain cyber security attacks involving malicious third-party components has increased over 600% the past year. Currently, sitting at … Read more
In this regulatory and security centric healthcare environment, Hospital networks and healthcare providers are becoming more scrutinized than ever by government regulators about how organizations manage and evaluate risks of the vendors, suppliers and contractors in their supply chain. Understanding how these regulations connect to third-party vendor risk is paramount to ensuring compliance, but also … Read more
Organizations across most market segments are becoming increasingly reliant on third-party vendors to support critical business operations across the board to support a wide array of process and functions. It is estimated that over 50% of businesses using third-party vendors have experienced a data breach involving confidential information. Given the current state supply chain’s impact … Read more
No doubt, Western Sanctions are beginning to take hold on the Russian Economy. With the Russian Ruble having become one of the world’s most undesirable currencies, Kremlin-connected financiers and oligarchs now have critical overexposure to Western capital markets and financial systems. With key Russian financial institutions, such as Sberbank and VTB, facing extensive Western sanctions, … Read more
The Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System (Board), and the Office of the Comptroller of the Currency (OCC) (collectively, the agencies) are seeking comment on proposed guidance on managing risks associated with third-party relationships. The proposed guidance offers a framework of sound risk management principles to assist … Read more
Certainly, with the recent pandemic has affected every part of the supply chain, in all market segments. The majority of companies worldwide are continually being challenged in their operational, financial and organizational resilience across their supply chain network. Looking back, the pandemic has highlighted risks and resiliency gaps for many organizations. Recent industry surveys are … Read more
Proposed rules place greater responsibility on C-suites and Boards for Managing, Mitigating Cyber Threats Earlier in 2022 , the U.S. Securities and Exchange Commission (SEC) announced that it was proposing new rules to standardize disclosures by publicly traded companies related to cybersecurity risk management, strategy, governance, and incident reporting. Although the rules have yet to … Read more
The Financial Crimes Enforcement Network (FinCEN) and the U.S. Department of Commerce’s Bureau of Industry and Security (BIS)1 are issuing a joint alert2 urging financial institutions3 to be vigilant against efforts by individuals or entities to evade BIS export controls implemented in connection with the Russian Federation’s (Russia) further invasion of Ukraine. This joint alert … Read more
The Treasury Department continues to investigate sanctions violations by crypto exchange companies in whether their crypto exchange allows users in sanctioned countries to buy and sell digital tokens. For example, The Treasury Department’s Office of Foreign Assets Control has been investigating Kraken since 2019 as reported by NY Times. It appears that Kraken would be … Read more
The Department of Labor’s (DOL) release of cybersecurity best practices for plans covered by the Employee Retirement Income Security Act (ERISA) makes it clear that plan sponsors, service providers, and participants share responsibility for protecting plan accounts. The guidance, which includes tips for hiring service providers, cybersecurity program best practices, and online security tips, provides … Read more
In March of this year, the Securities and Exchange Commission (SEC) proposed a set of rules and amendments that the agency expects will strengthen the financial sector’s defense against cyberattacks. They seek to standardize disclosures and admissions of material cybersecurity incidents and improve visibility into a company’s cybersecurity risk management and governance policies to better inform investors. … Read more
Vendor Risk Management (VRM), Third-Party Risk Management (TPRM), and Supplier Risk Management (SRM) are programs that companies employ to assess their relationships with third parties or suppliers for potential risk. The most common types of risk a company will want to evaluate for are regulatory, operational, financial and reputational. The purpose and function of VRM, TPRM and SRM are similar: the core process is to identify, assess, monitor and mitigate risk. The slight variations between each program depend on your company’s … Read more
Today organizations in all market segments increasingly rely on an assortment of third-party vendors, suppliers, and partners. We are all aware of the continued growth of the extended enterprise – companies relying on a network of third-party vendors to provide them with organizational services, products, and competitive advantage. Over the past few years, the use … Read more
Today, Cybersecurity risks originate from many sources, both domestic and from international regions. Most importantly, these cybersecurity risks occur across the array of securities and financial markets. The seriousness of the threats and the heightened concerns to investors, issuers, and other securities market participants, and the financial markets and economy more generally, are considerable and … Read more
What Is the Difference Between a 401(k) Plan Sponsor and a Plan Administrator? Typically, the employer is considered the 401(k) “plan sponsor,” whereas the day-to-day running of the plan may be handled by a third-party “plan administrator.” Understanding the different responsibilities between the plan sponsor and plan administrator is essential to maintain compliance with all … Read more
Retirement Plan Sponsors shared in a survey the steps they have taken, or will take, to reduce plan leakage and retain retiree assets in the plan. Preventing asset leakage and Cybersecurity concerns have been priorities for plan sponsors, according to new research from Callan, and many plan sponsors expect to act further this year. The … Read more
On February 9, 2022, the SEC voted 3-1 to propose rules that would significantly expand the risk management and reporting requirements concerning cybersecurity and related matters for registered investment companies (RICs), business development companies (BDCs), and investment advisers registered or required to be registered with the SEC (RIAs) The proposed rules would require advisers and … Read more
In a lawsuit, he alleges the retirement plan service provider did not take steps to protect the personal information of participants in plans it serves. As the level of awareness of Cybersecurity protection of confidential data has increased, however, so has the size and complexity of the cybersecurity problem from the perspective of plan fiduciary. … Read more
Alight has been sued by retirement plan participants whose accounts were hacked, and the Department of Labor is investigating the provider’s practices. Judge John F. Kness of the U.S. District Court for the Northern District of Illinois has ruled that Alight Solutions must comply immediately with a Department of Labor (DOL) administrative subpoena seeking documents … Read more
Modevity, LLC, a leading Commercial Intelligence company established in 2004 specializing in Investigative Due Diligence Research and Vendor Risk Management (VRM) Services, announced today that the company has launched their new Cybersecurity Assessment Services for Retirement Plan Sponsors. The US Department of Labor Guidance regarding Plan Sponsors’ fiduciary responsibilities, states that Plan Sponsors should assess … Read more
As noted in the DOL Guidance on Cybersecurity, Plan Sponsors should continuously ask, are my ERISA plan’s assets and participant data protected from cyberattacks?” The Department of Labor’s (DOL) release of cybersecurity best practices for plans covered by the Employee Retirement Income Security Act (ERISA) makes it clear that plan sponsors, service providers, and participants … Read more
On May 17, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and the FBI, along with allied nations, published a Cybersecurity Advisory to raise awareness about the poor security configurations, weak controls and other poor network hygiene practices malicious cyber actors use to gain initial access to a victim’s system. “Weak … Read more
The Crypto Asset and Cyber Unit will increase to 50 positions; Commissioner Hester Peirce questioned why the commission was ‘leading with enforcement in crypto?’ The Securities and Exchange Commission will expand its Enforcement Division unit focused on crypto assets and cyber violations by 20 positions to 50 in total. SEC Chair Gary Gensler said the move was … Read more
The temperature is rising on the quality of cybersecurity risk for registered investment advisors, whether they are in the DOL space or not. In February, the U.S. Securities and Exchange Commission voted to propose two new rules on cybersecurity: rule 206(4)-9 under the Advisers Act and rule 38a-2 under the Investment Company Act. From a high-level perspective, … Read more
The Financial Crimes Enforcement Network (FinCEN) today issued an advisory on kleptocracy and foreign public corruption, urging financial institutions to focus their efforts on detecting the proceeds of foreign public corruption—a priority for the U.S. Government as it continues to implement the U.S. Strategy on Countering Corruption. The advisory provides typologies and potential indicators of kleptocracy and … Read more
Most organizations that will be making strategic and critical business decisions, it is imperative to undertake an extensive due diligence investigation. Due Diligence is defined as, “the care a reasonable person exercises to avoid harm to other persons or their property.” Investigative Due Diligence refers to the research and analysis of an individual or organization done … Read more
Third-Party Vendor Risk Management (VRM) is an important part of the overall risk management landscape for enterprise organizations. Many corporations have thousands of suppliers: The recognized consumer goods company Proctor and Gamble states that it has over 75,000 suppliers. These suppliers are responsible for everything from software to raw materials, components in the product supply … Read more
Vendor Risk Management as a Service West Chester, PA Modevity, LLC, a leading Commercial Intelligence company established in 2004 specializing in Investigative Due Diligence Research and Vendor Risk Management (VRM) Services, announced today that the company signed a three-year contract to support a US based Insurance client to outsource their Third-Party Vendor Risk Management program. … Read more
It seems that the potential for a major data breach event has organizations prioritizing third-party risk management across the board. But when it comes to evaluating and managing vendors and the potential threats they may present to the enterprise, the risks reach is far beyond IT-related cyber security challenges. The importance of the expansion of … Read more
Company Adds New Financial Risk Scoring & Reporting to Continue Expanding Their Extensive Capabilities West Chester, Pa., April 28, 2022 — Modevity, LLC, a leading Commercial Intelligence company established in 2004 specializing in Investigative Due Diligence Research and Vendor Risk Management (VRM) Services, announced today that the company has rolled out their new Financial Risk Scoring & … Read more
Company Unveils a New Website to Enhance Its Commitment to Providing Best in Market Investigative Due Diligence Research & Vendor Risk Management (VRM) Services West Chester, Pa., April 25, 2022 — Modevity, LLC, a leading Commercial Intelligence company established in 2004 specializing in Investigative Due Diligence Research and Vendor Risk Management (VRM) Services, announced today that the … Read more
Trusted partner since 2004.
Copyright © 2022 All rights reserved.
