3rd Party Risk Management, Cyber Insurance, Governance & Risk Management

CyberEdBoard Insights: Erik Hart and Erik Decker

Security Experts Discuss Effective Strategies for Managing Third-Party Risks
Erik Hart, CISO, Cushman & Wakefield, and CyberEdBoard member; and Erik Decker, CISO, Intermountain Health

Managing third-party risks remains a critical challenge for organizations. Effective third-party risk management requires prioritizing critical suppliers over peripheral ones to ensure that robust resilience planning aligns with the potential consequences of disruptions, according to Erik Hart, CISO, Cushman & Wakefield and a member of the CyberEdBoard.


Overlooking seemingly low-risk entities can lead to significant repercussions, Hart said. Erik Decker, CISO, Intermountain Health, advised integrating materiality into risk management frameworks and aligning strategic, financial and reputational impacts to prioritize critical supplier relationships effectively.

"People are inducing risk as much as they're consuming it. People rely on me and my organization as much as I'm relying on others," Decker said. "Our resilience and our partnership has to be forethoughtful to that degree: How are we working with the partners who leverage services from us to help them contemplate their outages?"

In this video interview with Information Security Media Group at ISMG's North America Midwest Summit, Hart and Decker also discussed:

  • How to integrate business impact analysis and threat intelligence;
  • Why proactive continuity planning is needed for business resilience;
  • Why cyber insurance is part of a comprehensive risk management strategy.

Decker has more than 23 years of experience in IT, with 17 years focused on information security. His areas of expertise include risk management, incident response and network security. At Intermountain Health, he is responsible for implementing robust security measures to protect the organization's critical systems and sensitive data.

Hart has more than 20 years of experience leading the development, delivery and support of robust security and technology solutions for various organizations and clients. He is a CyberEdBoard member.


CyberEdBoard is ISMG's premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.



About the Author

Michael Novinson


Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.



