
Structured Third-Party Risk Management Essential to Mitigate Supply Chain Cyber Threats
The current landscape of cyberattacks targeting the supply chain necessitates a structured and continuous approach to Third-Party Risk Management (TPRM) to dynamically assess supplier-related risks. Each vendor represents a potential entry point for attackers. The article discusses methods to make this risk measurable by integrating regulatory frameworks such as the NIS 2 directive, the EU's DORA regulation, GDPR, and standards like NIST. The goal is to adopt a mature risk management model applicable to both infrastructure and cloud solutions to secure the supply chain.