Supply Chain

What a Board Needs to Know

Supply chain cyber risk has rapidly become one of the most prominent and pervasive risks faced by today’s organizations. Third-party connections, which include suppliers, partners and service providers, can distribute an organization’s operational and business risk among thousands of critical vendors. With the growing attention and expectations of investors, partners and regulatory agencies around cybersecurity, board members across all industries should care more than ever about supply chain cyber risk.

A board’s view of its organization’s cybersecurity risk posture is incomplete if it does not consider the third-party connections that make up the organization’s supply chain and extended ecosystem. To be effective, a board needs oversight of supply chain cyber risk, timely and relevant updates on the changing state of the organization’s risk posture, and assurances of action relating to its risk management program. As an organization’s highest level of oversight, the board is responsible for being actively involved in cybersecurity in general and supply chain cyber risk specifically.