• JPMorgan Chase CISO Patrick Opet warns that prioritizing speed over security in software development is compromising global economic stability
• BlueVoyant survey finds nearly two-thirds of UK businesses do not prioritize third-party cyber risk management
• Resilience reports third-party risks accounted for 31% of cyber insurance claims in 2024, with 23% resulting in material losses
• Opet highlights the erosion of traditional security boundaries due to widespread SaaS adoption
• Calls for implementation of 'secure and resilient by design' principles in software development
• Emphasizes need for advanced authorization methods and proactive detection capabilities
• Stresses that traditional segmentation may no longer be sufficient in the modern digital landscape

In a candid open letter, Patrick Opet, Chief Information Security Officer at JPMorgan Chase, has called upon third-party software vendors to reevaluate their development priorities, emphasizing that the current emphasis on speed over security is creating significant vulnerabilities within the global economic system.​

Opet's concerns are not isolated. A recent survey by BlueVoyant revealed that nearly two-thirds of UK businesses do not prioritize third-party cyber risk management, despite 95% reporting negative impacts from supply chain cyber breaches within the past year. ​

Further highlighting the issue, research from cyber risk solutions company Resilience indicated that third-party risks accounted for 31% of all cyber insurance claims in 2024, with 23% resulting in material losses—a significant increase from previous years

Opet emphasized that the widespread adoption of SaaS solutions has led to the erosion of traditional security boundaries, such as those between APIs and backend systems.

This interconnectedness, while beneficial for productivity, can grant attackers unprecedented access to sensitive data if not properly secured.​

He also pointed out the compounded risks posed by the reliance on fourth-party vendors, which can exponentially increase the attack surface and potential for breaches.​

To address these challenges, Opet advocates for the implementation of 'secure and resilient by design' principles, urging vendors to integrate advanced authorization methods, proactive detection capabilities, and robust controls into their development processes.

He stresses that traditional segmentation may no longer suffice in the modern digital landscape, and a more sophisticated approach to security is necessary.​

Opet's call to action serves as a critical reminder of the importance of prioritizing security in software development, especially as businesses increasingly depend on third-party solutions.