Partnerships and dependencies will always involve a certain level of risk. Where second-party risk is difficult to manage or account for, it may be that a certain level of expected exposure is accounted for in risk planning.
C-suite can work with General Counsel and external legal support to make sure thorough due diligence is carried out and everyone is satisfied that compliance and regulations are being met. Consistently assessing the tech risk profile of relevant suppliers will offer additional peace of mind.
At the same time, given that network risk exposure is revealed to be lower than that from purely external and internal sources, business leaders may want to consider what practices they can take from their supply chain risk management to apply elsewhere in the organisation.