Managing Cyber Risk: Lloyds Banking Group Case Study

Project: Cyber Risk Third Parties Programme and ‘BAU’ Cyber Supplier Assurance Framework

Client: Lloyds Banking Group


In 2017 Lloyds Banking Group (LBG) was using a number of providers to support its Cyber Transformation programme and support its on-going supplier assurance programme.  3VRM was asked to work with multiple functions to design and implement improvements to the Third Party Assurance framework.


In 2016 the Cyber Third Party workstream programme was limited to the update of IT Security schedules for the most critical suppliers.  3VRM introduced LBG management to a range of best practice tools and processes and worked to re-baseline the programme to include a number of additional components:

  • the development of a standard assurance method linked to the criticality of the supplier;
  • the delivery of a number of additional supplier on-site assessments;
  • a standard supplier criticality assessment method;
  • and the introduction and adoption of security ratings tools. 

As the programme has progressed, focus has moved on to remediating risks identified in the supply chain and then developing sustainable capability in the ‘business as usual’ organisation. 

3VRM has provided thought leadership and direction to the programme, and provided expert Cyber risk assessment resource to help deliver programme activities and augment the ‘business as usual’ assurance teams.



Over a three-year period the programme has elevated the bank’s approach to managing Cyber risk in the supply chain to become a leader and innovator in several aspects.

Specific achievements include:

  • the design and implementation of a new assurance method based on Hellios FSQS, and aligned to industry best practice;
  • the adoption of security ratings tools for supplier assurance and continuous risk monitoring, scaled to assess several hundred suppliers;
  • the design and implementation of a new operating model for Third Party Risk management from initial risk assessment, through due diligence to on-going assurance and risk and issue management;
  • the identification and subsequent remediation of >1000 new Third Party supplier risks and issues.

3VRM has helped to improve the quality of assurance capability across the organisation by:

Subscribe to our updates

Would you like to receive free Third Party Risk Management insights, case studies and tools?

Sign up here

Metro Bank Case Study

See how 3VRM partnered with Metro Bank to design and implement a supplier risk management framework.


Contact 3VRM

Connect: LinkedIn

Address: 28 Kansas Avenue, Media City, Salford, M50 2GL

Drop us a line

You can unsubscribe at any time by clicking the link in the footer of our emails. Find information about our privacy practices here.

We use Mailchimp as our marketing platform. By clicking to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp's privacy practices here.