Cybersecurity Glossary
Third-Party Risk
Third-party risk refers to the potential security risks to an organization stemming from the use of third-party vendors, including those vendors in the supply chain as well as groups that may not typically perform security investigations such as law firms, building infrastructure maintenance and services, accounting firms, or even catering. Third-party risk is also posed by business partners and subsidiaries as well as the vendors that they work with.
While these third parties may be outside of the typical security and IT purview for an organization, they frequently have digital access or connectivity to an organization’s resources that are vulnerable to attack. Even in cases where the intended resource poses little risk, access to it can be used to establish a beachhead from which attackers can move laterally to discover more valuable assets (as happened in the Target breach). Third-party risk management involves continuously identifying, analyzing, and controlling all associated risks over the duration of the relationship.
See Also
Learning Center 
Vulnerability Management
Cybersecurity Risk Management: Process, Frameworks & Tips
Vulnerability ManagementCyber risk management is the process of identifying, analyzing, evaluating, and addressing cyber security threats to networked systems, data, and users. The goal is to minimize potential risks and help organizations protect their assets and business.
Resources Reports
External Risk Insights
Download this study to learn how to protect your most critical assets from being easily exploited by attackers as your enterprise expands to include more subsidiary brands and web applications.
Resources Reports
Attack Surface Management: The Foundation of Risk Management
Download the IDC EASM buyers guide and understand the key capabilities to look for when selecting an External Attack Surface Management solution with expert guidance and selection criteria from analyst firm IDC.
Use Cases
Monitor Subsidiary Risk
The CyCognito platform provides immediate visibility of your subsidiaries' security posture and attack surface with no deployment or configuration.
CyCognito Report
State of External Exposure Management, 2024 Edition
Critical vulnerabilities often hide in plain sight—especially in your web servers.
The report is a must-read for understanding today’s external risks and how to prioritize them effectively. Download the report to stay ahead of emerging threats and strengthen your security posture for 2025.