
Digital Content

- Unlimited access to peer-contribution articles and insights
- Global research and market intelligence reports
- Discover iNFRont Magazine, an NFR publication
- Panel discussion and presentation recordings



- JPMorgan Chase CISO Patrick Opet warns that prioritizing speed over security in software development is compromising global economic stability
In a candid open letter,
Patrick Opet, Chief Information Security Officer at JPMorgan Chase, has called
upon third-party software vendors to reevaluate their development priorities,
emphasizing that the current emphasis on speed over security is creating
significant vulnerabilities within the global economic system.
Opet's concerns are not
isolated. A recent survey by BlueVoyant revealed that nearly two-thirds of UK
businesses do not prioritize third-party cyber risk management, despite 95%
reporting negative impacts from supply chain cyber breaches within the past year.
Further highlighting the issue,
research from cyber risk solutions company Resilience indicated that
third-party risks accounted for 31% of all cyber insurance claims in 2024, with
23% resulting in material losses—a significant increase from previous years
Opet emphasized that the
widespread adoption of SaaS solutions has led to the erosion of traditional
security boundaries, such as those between APIs and backend systems.
This interconnectedness, while
beneficial for productivity, can grant attackers unprecedented access to
sensitive data if not properly secured.
He also pointed out the
compounded risks posed by the reliance on fourth-party vendors, which can
exponentially increase the attack surface and potential for breaches.
To address these challenges,
Opet advocates for the implementation of 'secure and resilient by design'
principles, urging vendors to integrate advanced authorization methods,
proactive detection capabilities, and robust controls into their development processes.
He stresses that traditional
segmentation may no longer suffice in the modern digital landscape, and a more
sophisticated approach to security is necessary.
Opet's call to action serves as
a critical reminder of the importance of prioritizing security in software
development, especially as businesses increasingly depend on third-party
solutions.