How often does procurement include cyber risk assessment requirements in their engagement requests?

Security Strategy & RoadmapThird Party Risk Management (TPRM)

Always25%

Often36%

Sometimes24%

Rarely12%

Never1%

Not sure

426 PARTICIPANTS
3.1k viewscircle icon1 Comment
Sort by:
CTO2 years ago

It depends on the size of the business. In my experience, most of the publicly listed companies' procurement team will have this requirement as part of due diligence of vendor onboarding process. 

For private companies, it depends on the size and agility of the business that matters the most. 

Another driver for this requirement comes from regulatory compliance side and that too depends on which sector the company is operating.

Content you might like

Have you found privileged access management more difficult than identity access management?

Much more difficult2%

Somewhat more difficult42%

Slightly more difficult22%

No difference17%

Slightly less difficult13%

Somewhat less difficult1%

Much less difficult

Unsure

View Results

What would be the strategy to raise awareness among small businesses about investing in Cybersecurity?

As organizations deploy LLMs and other AI systems, how do you recommend security teams address risks such as data leakage, prompt injection and adversarial manipulation? What frameworks or practices should be prioritized to make AI security programs resilient from day one?

Looking to benchmark. If you are in-process of pursuing the ISO 42001 or have obtained it, how have you measured the business value?

Organizations should invest in a data governance framework preemptively.

Strongly agree18%

Agree66%

Neutral11%

Disagree3%

Strongly disagree

View Results