How often does procurement include cyber risk assessment requirements in their engagement requests?

Security Strategy & Roadmap Third Party Risk Management (TPRM)

Always21%

Often40%

Sometimes24%

Rarely12%

Never1%

Not sure

419 PARTICIPANTS

3.1k views1 Comment

Sort by:

CTO2 years ago

It depends on the size of the business. In my experience, most of the publicly listed companies' procurement team will have this requirement as part of due diligence of vendor onboarding process.

For private companies, it depends on the size and agility of the business that matters the most.

Another driver for this requirement comes from regulatory compliance side and that too depends on which sector the company is operating.

Content you might like

What are the challenges and best practices in implementing robust time-sensitive access controls and location-based risk assessments for secure remote work environments?

What sorts of challenges have you encountered in adapting your governance framework to address AI adoption across business units, and how are you attempting to resolve these?

Does your org use Protection-level agreements (PLAs) when planning cybersecurity investments?

Yes, always25%

Sometimes49%

No, never17%

Not yet, but we're going to start5%

What's a PLA?2%

View Results

Are you seeing changes in the quality or speed of threat intelligence from sources you relied on in previous years? Can you share how you are being impacted so far by the uncertainty around public-private partnerships for cyber information sharing?

With so many different cybersecurity solutions, how do you ensure the tools talk to one another?

Use vendor integrations46%

Fragmented ecosystem59%

Utilize in-house staff41%

Other (comment below)1%