Have you ever exited a vendor relationship specifically because of its poor response to a breach?

Third Party Risk Management (TPRM)Risk Management

Yes 57%

No 31%

Prefer not to say 11%

Other

54 PARTICIPANTS
444 viewscircle icon1 Upvotecircle icon1 Comment
Sort by:
Senior VP & CISOa month ago

Not specifically to a single breach (we've all had them), but we do need to manage the risk associated with a supplier that does not perform consistently with safeguarding our sensitive information. We had definitely taken action against a supplier that has had an historical pattern of poor cyber hygiene and/or insufficient prioritization of protecting our sensitive data, identity, and/or accesses.

Content you might like

Can you share any effective processes/strategies you’ve used to integrate cyber risk management and enterprise risk management at your org?

Read More Comments

Does your org currently allow auto-updates from vendors or are updates tested internally?

We allow vendor auto-updates48%

Updates are tested internally52%

Other/unsure

View Results

Do you use an ERM-system that also includes cyber security risk management? What tools or systems do you use?

Read More Comments

What are some best practices to follow when your organization is preparing to end a vendor relationship? What can you do to minimize the operational disruption that would result?