Managing third-party risk does not come in a one-size-fits-all package
Gaining confidence in your Third-Party risk management program includes the ability to scale easily and include your full supplier ecosystem – not just a handful of your largest suppliers perceived as the most critical due to their scale or your level of investment.
Small businesses accounted for 99.3% of all private sector businesses at the start of 2016 and 99.9% were small or medium-sized enterprises*. Odds are then that your organization has a large percentage of SMB suppliers. Any one of them could be the weak link in your company’s security infrastructure. * Federation of Small Businesses, 2017
An assessment approach that works for your global payroll provider, with more than 50,000 employees, will not work when it comes to assessing your 25-person law firm.
Both types of companies may have access to your networks or critical data, but their levels of sophistication – when it comes to cyber security – can be significantly different.