Mitigating Cybersecurity Risks in Financial Institutions through Strategic Third-Party Risk Governance Frameworks
Faith Hauwa Oluwapamilerin Kolo*
Fairleigh Dickinson University, 1000 River Road, Teaneck, NJ, 07666, United States of America.
Sunday Abayomi Joseph
Ashland University, 401 College Avenue, Ashland, OH 44805, United States of America.
Akinde Michael Ogunmolu
Texas A&M University, 700 University Blvd, Kingsville, TX 78363, United States of America.
Valerie Ojinika Ejiofor
University of Tampa, 401 W Kennedy Blvd, Tampa, FL 33606, United States of America.
Seun Michael Oyekunle
Interswitch Group Nigeria, Plot 1648C, Oko-Awo Close, Karimu Kotun St, Victoria Island, Lagos, Nigeria.
*Author to whom correspondence should be addressed.
Abstract
This study investigates how strategic third-party risk governance frameworks can mitigate cybersecurity threats in financial institutions. Using data from the Verizon Data Breach Investigations Report, the Basel Committee’s Quantitative Impact Study, and the Privacy Rights Clearinghouse breach database, the research applies descriptive statistics, multivariate regression, and event study analysis. Key findings reveal that third-party software vulnerabilities and vendor credential theft account for 18.08% and 16.10% of breaches respectively. Regression results show that continuous monitoring and third-party audits significantly reduce incident frequency, while real-world breach events highlight governance lapses tied to delayed disclosure and inadequate oversight. The study recommends enforcing continuous vendor performance monitoring, mandating software supply chain audits, embedding cybersecurity clauses in vendor contracts, and promoting cross-institutional threat intelligence hubs. These insights offer targeted solutions to strengthen oversight and enhance cybersecurity resilience in increasingly complex vendor ecosystems.
Keywords: Third-party risk governance, cybersecurity breaches, financial institutions, vendor monitoring, software supply chain