The world is complex, and ultimate control may be beyond our grasp; yet our decisions – what we eat, where we
go, how we do business, and why we turn in one direction instead of another – still matter. In business, choosing to partner with one company or another is a decision that firms regularly make, and those decisions can have a profound effect on the risk that the sourcing firm is exposed to.

When managing risk, making binary assumptions, -- either something is good (safe) or bad (unsafe) -- is tempting. To get on with the business of business and not be paralyzed with perpetual analysis, we have to make informed decisions about the risks and benefits that a business relationship entails. This must be done by understanding not only the potential consequences for an organization but also for that organization’s network of vendors, suppliers, customers, and employees.

In this risk surface series, RiskRecon, a Mastercard Company, and Cyentia have worked to help third-party risk managers understand how to measure and manage risk. We’ve seen variation across industries and other slices. But not all firms are interchangeable. A payroll processor cannot be replaced with a janitorial supply company, at least not with good business outcomes! In this report, we look at what distinguishes top-performing firms from those that struggle the most. Armed with this knowledge, Third-Party Risk Management (TPRM) professionals can take into account the totality of their risk surface, and how it impacts the overall security performance of an organization.
As discovered in our previous report on third-party risk management, 1 in 3 programs assess over 100 vendors per year. And they have good reasons to do so.

We first decided to take a look at the typical number of high-value findings found on high-value hosts. On average, a bottom-performing organization has 360 times (yes, 36,000%) more high-value findings than a typical top-performing partner.

Against this backdrop, throughout this report, we’ll not only define how we identify top and bottom performers in terms of high risk, but we’ll also dive deeper into what divides the two bookend performers in terms of key performance indicators that influence their risk surface.

Download the full report here to see how you can understand and navigate the internet risk surface safely.