Adding to this view, Jim Routh, chief trust officer at Saviynt, argues that the future of risk management lies in real-time, data-driven scoring, not outdated surveys. “Questionnaires are inadequate,” he says. “We need to apply data science to track risk daily and educate regulators and auditors on why that’s necessary.”
A vulnerability discovered today could be exploited tomorrow. For that reason, relying solely on point-in-time assessments or third-party attestations isn’t enough to manage fourth-party risk, Lorri Janssen-Anessi, director of external cyber assessments at BlueVoyant, says. When companies lack direct contracts with fourth parties and therefore can’t enforce audits or specific controls, external intelligence becomes essential.
However, putting continuous monitoring into practice becomes even more difficult in complex global supply chains.
