The Future of Vendor Risk Assessments for Data Security and Governance: A Zero Trust Approach

Data is the lifeblood of today’s digital businesses, and protecting it from theft, misuse, and abuse is the No. 1 responsibility of every data security professional. Hackers stealing customer data can erase millions in profits within weeks, stolen intellectual property can erase competitive advantage overnight, and unexpected privacy abuses can bring unwanted scrutiny and fines from regulators while inflicting reputational damage that can last months, even years.

Data security breaches are increasingly attributed to vendors and other third parties that service the company under attack. Roughly one-third of all breaches in the last few years have occurred as a result of external attacks targeting a third-party supplier (a Top 3 attack vector), according to Forrester’s Business Technographics Global Security Survey. Despite growing reliance on vendors and other third parties, organizations are inconsistent in their information security protocols for assessing vendors. As data security breaches are reaching crisis proportions, companies continue to struggle to secure a growing portion of their business – their third parties.

Our research shows that a staggering 90 percent of companies don’t know who their third parties are and what business they’re doing with them. Conventional information security measures and GRC tools have lulled companies into a false sense of security. Without knowledge of the problem and proper security protocols in place, companies can’t categorize the level of risk or take appropriate action based on each particular situation. They’ll leave themselves open to attacks that cause harm to company revenue, reputation and regulatory profiles.


Achieving a high level of certainty with data risk across even a handful of vendors, let alone across your entire supply chain, is no easy feat. That’s why we’ve added the Assessments feature to ease the stress of starting a risk management program. Email us at to see how Assessments can meet your risk management needs. Our webinar, Trust, but Verify: The Evolution of Vendor Risk Management For Today’s Organizations, is another great resource to learn about vendor risk management.