How often does procurement include cyber risk assessment requirements in their engagement requests?

Security Strategy & RoadmapThird Party Risk Management (TPRM)

Always19%

Often39%

Sometimes25%

Rarely13%

Never1%

Not sure

421 PARTICIPANTS
3.1k viewscircle icon1 Comment
Sort by:
CTO2 years ago

It depends on the size of the business. In my experience, most of the publicly listed companies' procurement team will have this requirement as part of due diligence of vendor onboarding process. 

For private companies, it depends on the size and agility of the business that matters the most. 

Another driver for this requirement comes from regulatory compliance side and that too depends on which sector the company is operating.

Content you might like

What are your preferred tactics for building effective collaboration on cross-functional teams involved in AI governance and risk management (e.g., joint steering committees, shared KPIs, etc.)? Which roles are currently involved?

Read More Comments

As a cybersecurity leader, do you feel at risk personally (legal / criminal) for your company's actions?

Yes76%

No20%

Depends (share a comment)3%

View Results

What processes do you follow to audit AI models for compliance with evolving privacy regulations? How frequently do you run these audits?

Has increasing the role of DevSecOps (SIEM, UEBA, threat analytics, etc.) successfully resulted in less attacks?

Yes36%

Yes, but not as much as we hoped49%

No10%

No, but we're optimistic that will change4%

View Results

How have you adjusted the architecture of your controls for data, identity and access to better support AI governance and security?

How often does procurement include cyber risk assessment requirements in their engagement requests? | Gartner Peer Community