In reaction to a series of high-profile data breaches that originated in third-party networks, many organizations have implemented third-party risk management (TPRM) programs.
The existence of these programs is an important defense against encroaching cyber threats. However, in our experience working with thousands of companies all over the world, we’ve noticed that many of these programs rely on tools and processes that are expensive, non-scalable, and ineffective at reducing risk.
Some TPRM professionals (and the individuals who approve their budgets) are relying on subjective, outdated information to make decisions — and that information could be putting their organization at risk. In an effort to address this issue, we’re exploring nine misconceptions about third-party risk management that are most likely to negatively affect TPRM outcomes.
