How often does procurement include cyber risk assessment requirements in their engagement requests?

Security Strategy & RoadmapThird Party Risk Management (TPRM)

Always19%

Often39%

Sometimes25%

Rarely13%

Never1%

Not sure

421 PARTICIPANTS
3.1k viewscircle icon1 Comment
Sort by:
CTO2 years ago

It depends on the size of the business. In my experience, most of the publicly listed companies' procurement team will have this requirement as part of due diligence of vendor onboarding process. 

For private companies, it depends on the size and agility of the business that matters the most. 

Another driver for this requirement comes from regulatory compliance side and that too depends on which sector the company is operating.

Content you might like

Is "serverless" a term that is actively being used or evaluated within your organization? Comment with your stories...

Yes35%

Yes, but not enough, we want/need to ramp up38%

No20%

No, but I expect this will change soon5%

View Results

How can security leaders in smaller organizations stay informed about emerging threats if they don’t have access to formal threat intelligence feeds?

Read More Comments

What’s been the best way to optimize spend?

Eliminate Redundancy29%

Re-negotiate with vendors / take advantage of incentives44%

Shut down / pause what has been inactive13%

Update legacy and leverage emerging / more financially advantageous tools12%

View Results

How have you adjusted the architecture of your controls for data, identity and access to better support AI governance and security?

Read More Comments

What are your preferred tactics for building effective collaboration on cross-functional teams involved in AI governance and risk management (e.g., joint steering committees, shared KPIs, etc.)? Which roles are currently involved?

Read More Comments