Trends Report

Cybersecurity Risk Ratings Remain A Valuable Piece Of The Third-Party Risk Puzzle

But Don’t Replace Third-Party Risk Management With Cybersecurity Risk Ratings

April 7th, 2023
With contributors:
Amy DeMartine, Paul McKay, Hailey DiCicco, Peter Harrison


Cybersecurity risk ratings platforms are a valuable tool in the third-party risk management (TPRM) technology stack — albeit one that is commonly misused. They are useful for augmenting third-party assessment questionnaires, getting a point-in-time snapshot of a firm’s external security posture, and monitoring third parties for changes over time. However, many firms use risk ratings to replace, rather than augment, their entire TPRM programs. Security and risk pros should read this report to understand the limitations of these ratings solutions and learn how to effectively integrate cybersecurity risk ratings into their overall third-party risk management program.


This report is available for individual purchase ($1495).
