In the modern economy, almost every business is a tech business, with digitization, automation, and data solutions embedded into multiple operations. But with these advancements come risks. One of the most critical risks is that responsibility for technology often does not sit with companies themselves but instead with an array of third-party suppliers, service providers, and subcontractors. By outsourcing IT services, companies can unlock efficiencies and innovation. The downside is that they can also struggle to ensure that their businesses remain secure and resilient.
Modern technology supply chains are not much like chains at all. In fact, they are more like three-dimensional spiderwebs, each strand of which is connected to and dependent on others, and some of which are far removed from the company itself. As such, technology risk management is increasingly concerned not only with immediate supplier relationships but also with distant and sometimes ambiguous third parties, or nth parties, which often sit several layers away from the company’s direct line of sight.
Third- and nth-party supplier cyberincidents are a significant source of risk, in some cases leading to…
