Third Party Risk


With the security threat landscape evolving rapidly, cyber professionals face an alarming set of new vulnerabilities, especially in third-party security. The changing business and technology landscape is placing added pressure on third-party programs.

Industry trends driving increased exposure to third-party security risk:

  • Proliferation of business partners/suppliers across all organizational functions
  • Greater reliance on specialized third-party services and products
  • Extreme digitization throughout the supply chain and the increasing attack surface
  • Aggressive investments by adversaries in developing highly sophisticated tools and techniques
  • Rapid pace of change within partners/suppliers exacerbating the latency challenge of point-in-time assessments
  • Deep focus by regulators and punitive enforcement action for noncompliance
  • Pressure from executive leadership to demonstrate a return on security investment


Common questions that KPMG can help organizations address

  • How does our program compare to other organizations in our industry?
  • Do we have adequate resources to securely manage an expanding partner/supplier ecosystem?
  • How do we evolve the program to move at pace with the business needs?
  • How can we determine the right amount of assurance?
  • How can we keep up with the accelerating pace of change within our partner/supplier ecosystem?
  • Where are the automation opportunities within third-party security?
  • How can we enhance our third-party risk metrics and risk reporting capabilities?
  • How can we transform from programs operating in silos to better integration among departments?


The KPMG approach

KPMG has developed an integrated portfolio that enables a more proactive approach to third-party security, using technology-enabled innovations to cut costs. The service offering includes:

  • Third-party security client program navigator
  • Program design and transformation
  • Artificial intelligence powered digital worker
  • Continuous assessment and monitoring
  • Smarter assessments and managed services

Our people

Michael Gomez

Principal, Cyber Security, KPMG US

Mitushi Pitti

Managing Director, Cyber Security Services, KPMG US