Although CISOs have meaningfully increased the time, money and technology they devote to third-party cyber risk management (TPCRM), enterprises continue to be plagued by disruptive cyber incidents that originate with third parties. Chris Mixter and Rahul Balakrishnan use Gartner’s latest global benchmarking to debunk the conventional wisdom around TPCRM, which drives cybersecurity leaders to increase effort without improving outcomes. Chris and Rahul also provide three practices that CISOs can implement immediately to improve TPCRM effectiveness.
This episode explores:
- Why cybersecurity should stop customizing due diligence questionnaires (06:20)
- How to increase the likelihood that accepted third-party cyber risks become managed risks (13:30)
- Making contingency planning a core element of third-party cyber risk management (21:45)