
Explanation:
While the event involves a cyber breach, the risk is most closely identified as third-party (or vendor) risk because the exposure stemmed directly from the bank's decision to outsource its customer data analysis. Third-party risk management focuses on the risks that arise when relying on outside parties to perform services or activities on behalf of the firm. The inadequate security protocols at the analytics company demonstrate a failure in third-party risk oversight and due diligence.
Ultimate access to all questions.
Q.34 As a risk manager at a financial institution, you are reviewing a recent security incident. The details of the incident are as follows: The bank had recently outsourced its customer data analysis to a specialized analytics company. This arrangement was intended to leverage the company's advanced data processing capabilities to gain better customer insights. However, it was discovered that due to inadequate security protocols at the analytics company, there was unauthorized access to the bank's customer data. This breach led to the exposure of sensitive personal and financial information. Based on this incident, what type of risk does this situation most closely represent?
A
Operational risk
B
Third-party risk
C
Compliance risk
D
Cyber risk
No comments yet.