Vendor risk is vast ocean of pitfalls and possibilities. Here’s how to navigate it

February 3, 2022 | By Johan Gerber

New Cybersecurity Alliance Program offers access to cyber risk management scores so businesses can better protect themselves from third-party risk

Business used to be simple – it was done via phone calls, handshakes and your personal network. But the world has grown, and while technology is helping make life easier, it’s also potentially making things a little riskier too. Businesses of all shapes and sizes are working with more companies than ever before to access the services and support they need – and this is expanding their pool of vendors to ocean-size depths.

In fact, according to one study, companies report that they share their data with 583 third parties on average. That’s a lot of fish in one company’s sea. As the number of digital connections between consumers, businesses, and governments grows exponentially, monitoring this complex ecosystem can be overwhelming. When you consider how many vendors and partners any one company might work with, it’s critical to have greater trust and confidence in every link.

That’s why RiskRecon, a Mastercard company, has launched the Cybersecurity Alliance Program, which places our cyber risk management scores in leading cyber software and tools to create a comprehensive, integrated cybersecurity risk platform. This makes it easier for companies to access and understand their risk scores through platforms they may already be using.

The big catch

Forrester Research expects this third-party cyber risk and what is called “Nth-party risk” – vulnerabilities from vendors at even further degrees of separation – will account for 60% of cybersecurity incidents in 2022. Recent data from RiskRecon and the Cyentia Institute also highlights that multi-party cyber breaches can cause 26 times more financial damage compared to an attack that affects only one target. 

One cyberattack – if it lands hook, line and sinker – can wrangle a big catch for cyber criminals and impact several organizations at once.

Turning the tide

Understanding third-party risk can be a time-consuming endeavor, as it relies on analyzing a variety of factors that contribute to a company’s overall rating. For many businesses, understanding their own rating is becoming increasingly important as more customers are looking at vendors’ risk profile as a condition of doing business. 

To turn the tide, making cyber risk scores more accessible is an important first step. The Cybersecurity Alliance Program not only helps businesses more easily understand and act on cyber vulnerabilities, it provides partners with user-friendly APIs to extend cyber risk monitoring and scoring to their customers, helping organizations secure their digital ecosystems.

EY deploys the program across its business and is already seeing in impact. “Mastercard’s cybersecurity ratings bolster our services, allowing our customers to identify, prioritize and act on cyber risk quickly, efficiently and based on their unique risk appetite,” says Matthew Moog, principal.

The goal is simple: if businesses can improve the trust and confidence in every interaction, they also enhance the security of the Internet.

Security on our shores

It’s long been part of our mission to keep the cyber ecosystem safe. Whether through our daily activities to protect every transaction on our network or our support of small businesses across the globe through the Mastercard Trust Center or the Cyber Readiness Institute, we’re bringing important resources to small- and medium-sized businesses in a simple and easy-to-use way through our multiple distribution channels and strategic partnerships.

To become an alliance partner or to learn more about Mastercard’s Global Alliance Program, visit or contact

Photo of Johan Gerber
Johan Gerber, executive vice president, Security & Cyber Innovation