Trading Up From Tradeoffs: AI Driving Broader, Deeper Nth Party Cyber Risk Assessment

The level of challenges that any given 3rd or Nth party partner presents always depends on the types of interaction a company has with those third parties: some we may only connect with; others we may share data with; still others we may recruit people from or partner closely with or even use their SaaS platform. 

Determining the scope and depth of assessments on the cyber risks of this complex ecosystem of Nth party cyber partners has, until now, inherently involved making trade-offs in deference to a company’s budgets and risk management resources. And as risk pros know, each trade-off has been fraught with its own risks and levels of exposure.  

Trade Offs: There’s so many partners, data and layers of interconnectivity and degrees of interaction that TPRM teams have been forced to narrow and lower the scope and depth of assessments in order to reduce the time and labor involved. But that approach is ignoring the larger issue of who can most impact us overall in the event that they’re breached.   

Adding to this pressure is a fundamental shift in C-suite expectations around TPRM. It was occasionally and mistakenly viewed as a “checking the box” compliance function, but today, we as risk managers are charged with identifying the risks and understanding and clearly communicating the possible impacts of those impacts.   

Enter AI. 

The use of AI lets us add efficiency and speed to widen both the scope to full population of 3rd parties and also identify and evaluate the parties with the greatest potential impact on risk. Ideally this evaluation is done continuously. 

This engaging session will explore specific processes for enabling better and more risk abatement through AI than solely manual processes could possibly enable, and identifying where invoking compensating controls are required with unprecedented precision.