Concentration risk helps you understand your fourth-party risk exposure by automatically uncovering your most common fourth-parties. Fourth-parties are a critical area of risk in your supply chain that could impact your business in the event of a breach or other cyber attack.
Most organizations rely on their third-party vendors to monitor their fourth-parties. But without a clear understanding of your fourth-party risk exposure, outages, disruptions, and breaches can threaten your organization. You may even be liable for data loss.
In short, without understanding your concentration risk it is difficult to achieve any level of cyber resilience.
Concentration risk highlights each fourth-party’s security rating, the number of their products used, and the number of your vendors using them. By default, the most popular fourth-parties appear first.
You can also view concentration risk by product. This view shows which products are being used, the vendor, and their security rating, product category, and the number of your vendors using the product. By default, the most popular products appear first.
In summary, concentration risk is designed to provide in-depth information about fourth-party vendors to help you plan for disaster recovery, assess downstream impacts, and streamline breach response. UpGuard customers use concentration risk to:
- Add fourth-parties to their list of continuously monitored vendors
- Validate assessment responses from third-parties on the use of fourth-parties
- Enforce or update contract terms limiting third-parties from using fourth-parties
- Adjust their business continuity and disaster recovery plans