Abstract for: Threat actors’ perspective on organizations: Why shouldn’t we do the same to manage cyber risk in the supply chain?
This exploratory research focusses on an approach to evaluating 3rd party cyber risk exposure, often referred to as 3rd party security management. Traditional and commonly accepted approaches in cyber security management are retrospective and static in nature and struggle with the dynamic nature of cyber risk. Our alternative approach embraces the dynamic nature of cyber risk and uses a forward-looking analysis. By using externally available data (from honeypots) and taking the perspective of an adversary, we were able to indicate a range of cumulative security incidents over a period of 12 months. Our research results indicate that traditional support tools for 3rd party security management can be augmented by forward-looking analysis, strengthening the ability to assess and govern supply chains on the aspect of cyber risk.