The CISO’s Perspective: Third-Party Risk Management


Community Blog
Written by Collin Lingo

MAY 12, 2022

Where are we headed? What’s next? Often these questions have no single, focused answer. But with input and insight gathered through the Leadership Perspective Survey from nearly 1,000 Chief Information Security Officers at organizations across the globe, top goals and priorities take shape. Not least among them is Third-Party Risk Management.

Frequently placed in the top ten priorities for CISOs, Third-Party Risk Management (TPRM) is a necessary but broad concept, often used to describe any and all of an organization’s efforts to protect itself from the consequences of a breach of a business partner’s network.

Today, TPRM ranks in the top two priorities for CISOs overall, coming second only to Cloud Security.

Most executives (85%) see third-party defense practices as an all-but-required risk mitigation measure. Meanwhile, nearly half of the executives surveyed (47%) hope to see it improve the efficiency of business operations.

But it isn’t always easy keeping up with the innumerable vulnerabilities of partner organizations. One-third of CISOs surveyed call the “quickly changing landscape” their paramount TPRM hurdle. The largest share of CISOs (47%), however, say their primary issue is a “lack of resources.”

“Should we do surveys?” one CISO asked, searching for a starting point. “If we are supposed to do surveys, is there a tool for that? Or are we going to start having a security attestation for third parties and vendors?”

For now, these solutions remain hypothetical for many. But the need to manage and account for the security of our organizations’ third parties is real. In fact, it’s so real that, in 2022, CISOs are planning to invest heavily in fighting the consequences of poorly managed third-party relationships.

According to research, CISOs placed “vendor risk management” 6th on a list of top spend areas for 2022 (outranked by Cloud Security; Data Loss Prevention; IAM/Multi-Factor Authentication; Governance, Risk & Compliance; and Application Security).

Below, you’ll find a breakdown of how Evanta CISO communities have ranked this investment priority and the timeline for when they plan to invest.


Third-Party Risk Management will be on the agenda at the following CISO Executive Summits this spring:

Dallas CISO Executive Summit on May 17th

Chicago CISO Executive Summit on May 24th

St. Louis CISO Executive Summit on June 14th

There are always opportunities to discuss risk management with your CISO peers. See the upcoming gatherings across Evanta CISO communities here.


Collin Lingo

Content Manager at Evanta, a Gartner Company