After large breaches at well-known organizations including Home Depot, Capital One, Equifax, Best Buy and many others, CISOs, Cybersecurity professionals and business leaders have spent countless hours and money upgrading their cybersecurity internally. Data Loss Prevention, Cloud Access Security Broker, Intrusion Detection/Prevention, Zero Trust, Privileged Access Manager, and countless other projects and systems have been purchased and integrated to head off breaches.

And yet the size and frequency of breaches continue to grow.

The real kicker: many of these major breaches occurred at a third-party. These companies, like too many others still, did not pay attention to the cybersecurity of their vendors. These caused large financial penalties, but the reputational losses were often enormous. Both for the companies and the personnel who ran the cybersecurity at these firms. And sixty percent of companies admit not performing adequate cybersecurity vetting of vendors. Thirty-three percent report they have none or ad-hoc cybersecurity vetting process for third parties.


Because they have your customer data or connect to your network, third-parties have become physical attestations of your own business. Cybersecurity due diligence and due care must be more aggressive in their approach to this risk domain; it is no longer enough to perform it as a compliance function but must be active and engaged in real-time with third-party cybersecurity.


With this book you will learn how to create a third party risk program with cybersecurity at the lead, greatly lowering the risk of a breach from a third party. By leveraging this program to grow its maturity your organization will go from being reactionary to predictive.