April 23, 2020
What Is Vendor Risk Management
Vendor Risk Management is, at first glance, self-explanatory by its name. What makes it difficult to understand is all the nuance associated with the topic. It encompasses everything from business continuity to regulatory obligations to cybersecurity and much more.
For instance, if a supplier is located in a volatile region of the world (geopolitically unstable, prone to natural disasters, etc.), that should add relative risk to this supplier compared to one located in a stable region.
Cybersecurity risk among your vendors has increasingly crowded out the other facets of vendor risk, because observed cybersecurity risk has grown as a whole. For instance, more data, both sensitive and non-sensitive, is being shared with vendors, and a breach at any one of them could expose that vendor's customers to data loss at the hands of criminal hackers.
In addition, as processes and internal workflows become more segmented by specialty, the other areas of vendor risk are receding in importance because the operational risk carried by any single vendor is reduced.
Therefore, it has become the responsibility of companies and enterprises to ensure their vendors meet cybersecurity standards through a periodic risk assessment of those vendors.
The central question when investigating your vendors is: Are these vendors meeting our standard of care as it relates to defense against data breaches? Enterprises will usually expect a level of defense similar to what their own organization maintains, or perhaps an even higher standard.