CeFPro Connect

JPMorgan CISO Blames SaaS Vendors for Global Cyber Vulnerabilities
JPMorgan Chase’s Chief Information Security Officer, Patrick Opet, has issued a stark warning to software vendors, asserting that their prioritization of rapid deployment over robust security measures is compromising global economic stability.
May 06, 2025
Tags: Industry News Cyber
The views and opinions expressed in this content are those of the thought leader as an individual and are not attributed to CeFPro or any other organization
  • JPMorgan Chase CISO Patrick Opet warns that prioritizing speed over security in software development is compromising global economic stability
  • BlueVoyant survey finds nearly two-thirds of UK businesses do not prioritize third-party cyber risk management
  • Resilience reports third-party risks accounted for 31% of cyber insurance claims in 2024, with 23% resulting in material losses
  • Opet highlights the erosion of traditional security boundaries due to widespread SaaS adoption
  • Calls for implementation of 'secure and resilient by design' principles in software development
  • Emphasizes need for advanced authorization methods and proactive detection capabilities
  • Stresses that traditional segmentation may no longer be sufficient in the modern digital landscape

In a candid open letter, Patrick Opet, Chief Information Security Officer at JPMorgan Chase, has called upon third-party software vendors to reevaluate their development priorities, emphasizing that the current emphasis on speed over security is creating significant vulnerabilities within the global economic system.

Opet's concerns are not isolated. A recent survey by BlueVoyant revealed that nearly two-thirds of UK businesses do not prioritize third-party cyber risk management, despite 95% reporting negative impacts from supply chain cyber breaches within the past year.

Further highlighting the issue, research from cyber risk solutions company Resilience indicated that third-party risks accounted for 31% of all cyber insurance claims in 2024, with 23% resulting in material losses—a significant increase from previous years.

Opet emphasized that the widespread adoption of SaaS solutions has led to the erosion of traditional security boundaries, such as those between APIs and backend systems.

This interconnectedness, while beneficial for productivity, can grant attackers unprecedented access to sensitive data if not properly secured.

He also pointed out the compounded risks posed by the reliance on fourth-party vendors, which can exponentially increase the attack surface and potential for breaches.

To address these challenges, Opet advocates for the implementation of 'secure and resilient by design' principles, urging vendors to integrate advanced authorization methods, proactive detection capabilities, and robust controls into their development processes.

He stresses that traditional segmentation may no longer suffice in the modern digital landscape, and a more sophisticated approach to security is necessary.

Opet's call to action serves as a critical reminder of the importance of prioritizing security in software development, especially as businesses increasingly depend on third-party solutions.
