How often does procurement include cyber risk assessment requirements in their engagement requests?

Third Party Risk Management (TPRM)Security Strategy & Roadmap

Always17%

Often40%

Sometimes26%

Rarely13%

Never1%

Not sure

423 PARTICIPANTS

3.1k views1 Comment

Sort by:

CTO2 years ago

It depends on the size of the business. In my experience, most of the publicly listed companies' procurement team will have this requirement as part of due diligence of vendor onboarding process.

For private companies, it depends on the size and agility of the business that matters the most.

Another driver for this requirement comes from regulatory compliance side and that too depends on which sector the company is operating.

Content you might like

Do you have a security behavior and culture program (SBCP)?

Yes23%

We’re currently developing an SBCP27%

We’re currently exploring SBCPs27%

No, but I expect that will change13%

No, and I don’t expect that to change6%

Other (please specify)1%

View Results

I'm looking to go for the Certified CISO certification & training as I'm an aspiring CISO. Any recommendations and additional certifications that I should be doing along with that? I already have CISSP.

AI deepfakes have cost the industry over $200M this year. As CISOs, can we scale detection fast enough, or is regulatory pressure the only way to drive adoption?

I wanted a point of view on migration from on-prem AD and SCCM to AAD and Intune. Would be great to have a perspective on, - Is there a real need since SCCM is still undersupport from Microsoft? - I understand that we can get rid of onprim AD Infrastructure and move on SaaS, but any other benefits we get by doing this?

How would you rate the security of your on-premises network servers?

Excellent12%

Very good54%

Good27%

Fair5%

Poor

Very poor