How often does procurement include cyber risk assessment requirements in their engagement requests?

Security Strategy & RoadmapThird Party Risk Management (TPRM)

Always20%

Often40%

Sometimes24%

Rarely13%

Never1%

Not sure

426 PARTICIPANTS
3.1k viewscircle icon1 Comment
Sort by:
CTO2 years ago

It depends on the size of the business. In my experience, most of the publicly listed companies' procurement team will have this requirement as part of due diligence of vendor onboarding process. 

For private companies, it depends on the size and agility of the business that matters the most. 

Another driver for this requirement comes from regulatory compliance side and that too depends on which sector the company is operating.

Content you might like

Does your org do anything for Data Privacy Week?

Yes (tell us about it in the comments)53%

No but we should39%

No7%

View Results

What are your preferred tactics for building effective collaboration on cross-functional teams involved in AI governance and risk management (e.g., joint steering committees, shared KPIs, etc.)? Which roles are currently involved?

Read More Comments

How have you adjusted the architecture of your controls for data, identity and access to better support AI governance and security?

Read More Comments

I'm looking to go for the Certified CISO certification & training as I'm an aspiring CISO. Any recommendations and additional certifications that I should be doing along with that? I already have CISSP. 

Read More Comments

What's the biggest IoT security vulnerability today?

Weak passwords8%

Lack of consistent update or patch processes37%

Unsecured network services37%

Outdated or unsecured IoT app components8%

Unsecured data storage and transfer5%

Something else (comment below)3%

View Results