
Explanation:
While the incident involves a data breach (cyber risk) and falls broadly under operational risk, the most specific and accurate classification based on the context provided is third-party risk. The vulnerability and subsequent breach were directly due to the inadequate security protocols of the outsourced analytics company (the third party), highlighting the risk inherent in relying on external vendors for critical operations or data handling.
Ultimate access to all questions.
Q.34 As a risk manager at a financial institution, you are reviewing a recent security incident. The details of the incident are as follows: The bank had recently outsourced its customer data analysis to a specialized analytics company. This arrangement was intended to leverage the company's advanced data processing capabilities to gain better customer insights. However, it was discovered that due to inadequate security protocols at the analytics company, there was unauthorized access to the bank's customer data. This breach led to the exposure of sensitive personal and financial information. Based on this incident, what type of risk does this situation most closely represent?
A
Operational risk
B
Third-party risk
C
Compliance risk
D
Cyber risk
No comments yet.