Cybersecurity risk ratings are rapidly becoming a critical component of third-party cyber risk management programs. Security leaders are beginning to use them to find quantitative data to scrutinize the statements made about security by their third parties, supporting business critical commercial discussions and risk decisions. Increasingly, security leaders are seeking to operationalize this data to build more robust information from which they can base their risk management decisions upon.
RiskRecon spoke to Forrester’s London based Senior Analyst Paul McKay to discuss how security leaders are making use of ratings data within their third-party risk management processes.
