Kurkime modernią Lietuvos ateitį kartu

Registruotis
Grįžti

Nacionalinis kibernetinio saugumo centras

Cyber security: How can the nation help ensure the management of third parties (contractors)?

7 September 2023 - 1 March 2024

Problem

The National Cyber Security Center (NCSC) reported and observed data showing that in 2021, the number of cyber incidents in Lithuania remained similar to 2020. However, there was an increase in larger and more complex incidents, which have a more significant negative impact. This trend is of serious concern because the consequences of such incidents can have long-term effects on both public and private sector entities. 

According to the presented data, cyber incidents involving third parties are a major problem globally and can significantly impact businesses financially. In 2021, 39% of major organizations worldwide reported being impacted by a third-party cyber incident in the past two years¹. Research by “Kaspersky” revealed that third-party incidents were the costliest corporate data breaches in 2021, with an average financial impact of $1.4 million USD per event, marking it as the most expensive incident type to date². Furthermore, a report from “CRA Business Intelligence” indicates that 66% of organizations have seen an uptick in third-party security incidents in the past 12 months³. 

Managing third parties represents one of the most intricate areas within the realm of cyber security. While the NCSC is the primary institution overseeing cyber security in Lithuania, its activities are mainly centered around ensuring the security of state and municipal institutions. Conversely, the security of third parties like contractors and suppliers is not as robust due to the absence of regulatory measures and standards that could be applied in this sector. 

Currently, Lithuania lacks clear regulatory structures and procedures that would facilitate the effective management of third-party cyber security. This means that despite having strong cyber security measures in state institutions, the private sector, along with its third-party partners, remains exposed to potential security breaches and threats. These risks cannot be adequately addressed without established regulatory and cooperative mechanisms. 

Goal

A collaboration between the public and private sectors is crucial for the effective governance of third parties in cyber security. However, for this partnership to be successful, there’s a need to put forth clear operational principles and regulatory guidelines. These measures will ensure that third parties comply with the necessary security standards and procedures. Implementing such standards will not only diminish cyber threats but also bolster the overall cyber security maturity in Lithuania. 

Project progress

2023/10/31

Analysis of documents

2023/11/15

Interview with various stakeholders

2023/11/30

Current situation analysis

2023/12/22

Good foreign practices analysis

2024/01/19

Preliminary proposals for solutions

Participants

2023/24
Aurelija Požytė Grinė
Aurelija Požytė Grinė
2023/24
Paulius Bagdonas
Paulius Bagdonas

Related projects

7 September 2023 - 1 March 2024

Assessment of Lithuania’s advantages in semiconductors and optoelectronics sectors

Invest Lithuania

The aim of the project is to identify the regional advantages that can be leveraged to attract FDI in the semiconductor and optoelectronics sectors and create recommendations on promotion and improvement of Lithuania as a business environment for these sectors.

Participants: Barbora Sharrock

7 September 2023 - 1 March 2024

Enabling Participation: Opportunities for Individual Contributions in Culture Funding

Ministry of Culture of the Republic of Lithuania

The aim of the project is to explore how individuals can contribute to cultural funding and identify ways to create more favorable conditions for such opportunities.

Participants: Giedrė Pociūtė, Ieva Mikutavičiūtė

7 September 2023 - 1 March 2024

Lithuania’s innovation development potential in the transport sector

LR Susisiekimo ministerija

The aim of the project is to investigate the growth potential of the innovation ecosystem in the Lithuanian transport sector and to prepare recommendations and a pilot solution to stimulate this growth.

Participants: Viktorija Orlovaitė, Benediktas Girdvainis

7 September 2023 - 1 March 2024

Assessment of the Competitiveness of Lithuania’s Biotechnology Sector in the Global Bioeconomy

Invest Lithuania

Project goal  – to assess Lithuania’s biotechnology sector’s potential for integration and competition in global bioeconomy value chains and identify promising biotechnology subsectors for investment attraction.

Participants: Rasa Mončiunskaitė

7 September 2023 - 1 March 2024

Disruptive technologies in Lithuania’s defence

Defence Materiel Agency under MND

The aim of the project is to develop a long-term strategy of technological priorities for the national defence system to ensure the technological advantage of the Lithuanian Armed Forces. The strategy will help the different actors in the defence sector (science, business, state institutions, the Lithuanian Armed Forces) to focus their efforts on the same goals, as well as facilitate cooperation, competitiveness and innovation development in the Lithuanian defence industry.

Participants: Lukas Charitonovas, Dominykas Kugelevičius

7 September 2023 - 1 March 2024

Sustainable consumption: how to encourage repair and reuse?

LR Teisingumo ministerija

The aim of the project is to find out how to promote the repair and re-use of objects in Lithuania.

Participants: Gintarė Petrauskaitė, Rūta Kukulskytė