INTRODUCTION: Reduce the Blast Radius

A breach of your third and fourth parties is mathematically inevitable. The Identity Theft Resource Center reported a 14 percent increase in data breaches in 2022 over the preceding year, which follows a 68 percent increase from 2020 to 2021 (and 2020 broke the 2017 record with a 23 percent increase). The concept of zero trust operates on the assumption that a breach will happen, and it produces a strategy designed to reduce the impact (the blast radius) of that inevitable breach or incident. Considering the continued exponential growth of malicious cyber activities and the fact that most organizations have numerous vendors, embracing a zero trust strategy becomes the most reliable way to significantly decrease your vulnerability to third-party cyber risks.

In the past several years, cybersecurity risk in third-party risk management has increased significantly as malicious and criminal cybersecurity activity has also increased (up 800 percent since early 2020 according to FBI cyber reporting). In late 2021, the SolarWinds breach occurred, where a highly skilled and persistent actor utilized widely used software to infiltrate its ultimate targets: large technology companies and many three-letter governmental agencies. This breach served as a wake-up call for the cybersecurity and third-party risk management communities—a tangible example of a very dangerous and capable hacking organization leveraging a vendor to gain access to their intended ...