TUI Group, a large organization with over 62,000 employees, faces challenges in training and raising awareness about cybersecurity across its diverse workforce. The company has many legacy suppliers and legal entities, making third-party risk management (TPRM) a priority [7379a939]. To address the issue, TUI implemented SecurityScorecard, a ratings platform that helps assess the security of new suppliers. The tool is easy to use and provides a strong indicator of third-party risk [7379a939].
TUI also emphasizes security in all activities and has security champions within its technology teams. The company is focused on complying with incoming regulations and directives, such as NIS2, which is relevant to its airlines and cruise companies [7379a939]. TUI collaborates with industry peers to share best practices and protect their respective companies' assets [7379a939].
This initiative by TUI Group highlights the importance of third-party risk management in a large organization. By implementing SecurityScorecard and emphasizing security in all activities, TUI is taking proactive steps to assess and mitigate third-party risks. The company's focus on compliance and collaboration with industry peers further strengthens its cybersecurity posture and ensures the protection of its assets.
The Compliance Week Third-Party Risk Management & Oversight Summit, held on June 3-4 in Atlanta, addressed several key issues in risk management. These included the safe deployment of artificial intelligence (AI) in due diligence, assessing vendor viability and sustainability, the role of procurement in risk ranking, and the intersection of data privacy and cybersecurity [319867d1]. Qifei Zeng from the London Stock Exchange discussed the use of AI in due diligence, highlighting the need for a human-centric approach. Lindsay Koren from Darden Restaurants emphasized the importance of guardrails when using AI. Sanghamitra Saha from Cirrus Cybersecurity Group discussed vendor red flags and the need for collaboration between departments. Carey Davidson from Aravo questioned the relationship between data privacy and cybersecurity. Angelique Lee from Jazz Pharmaceuticals stressed the importance of using available data in risk scoring vendors and involving procurement in the process [319867d1].
The summit also touched on the topic of sanctions compliance and the impact of external factors, such as a water main break, on event logistics [319867d1].
The integration of insights from the TPRM Summit provides valuable context to the challenges faced by organizations like TUI Group. The discussions around the safe deployment of AI, assessing vendor viability, and the intersection of data privacy and cybersecurity shed light on the complexities of third-party risk management. The emphasis on collaboration between departments and the involvement of procurement in risk ranking further underscore the importance of a holistic approach to TPRM. Additionally, the summit's exploration of sanctions compliance and the impact of external factors highlights the need for organizations to be prepared for unexpected events that can disrupt operations [319867d1].