Third-Party Risk Alarm: A JPMorgan Executive Calls Out Software-as-a-Service

August 8, 2025 | 4 minutes reading time | By Michael Shashoua

IT security issues and concentration risk can have systemic consequences, Chief Information Security Officer Patrick Opet has warned.

The volatile mix of geopolitical and cyber risks was expected to stir the pot at the 2025 RSA Conference, one of the biggest cybersecurity gatherings. Yet alarm about a third-party risk caused a buzz that reverberated during and well beyond the San Francisco event.

It was an April open letter by Patrick Opet, JPMorgan Chase’s chief information security officer, that took to task third-party technology suppliers, specifically the “software-as-a-service (SaaS) delivery model,” for enabling cyber attackers and “creating a substantial vulnerability that is weakening the global economic system.”

Restating his view on LinkedIn, Opet said, “SaaS has delivered real enterprise value – but it’s also quietly introduced dangerous concentration risk.” The letter’s 800-plus words laid out why “security must be built in by default; the SaaS integration models have undermined foundational security practices; and convenience can no longer outpace control.”

The salvo prompted reactions such as this “RSAC takeaway” from SAFE Security: “Third-party risk management (TPRM) isn’t just a pain point. It’s the pain point.” The vendor went on to say that...

Topics: Cybersecurity
