EPISODE · Jun 10, 2026 · 11 MIN
How Security Teams Use Vendor Security Ratings to Assess Third-Party Risk
from Cybersecurity Business with Fexingo: Security Companies, Breaches, and Enterprise Defense · host Fexingo
Lucas and Luna explore how enterprises are using vendor security ratings — letter-grade scores from firms like SecurityScorecard and BitSight — to assess third-party risk before signing contracts. They walk through a real example: how a mid-sized bank used a rating of 'C' on a cloud storage vendor to push for remediation clauses, saving an estimated $2.3 million in potential breach costs. The episode covers why these ratings matter, how they're calculated (external scanning, breach databases, user behavior), and the controversy around false positives when a small vendor gets downgraded for a non-exploitable open port. Lucas also shares data showing that 63% of data breaches now originate through third-party vendors. The conversation ties back to the broader shift from trusting vendor self-assessments to continuous, data-driven monitoring. #VendorSecurityRatings #ThirdPartyRisk #SecurityScorecard #BitSight #CyberRating #SupplyChainSecurity #VendorAssessment #ContinuousMonitoring #AttackSurface #CyberInsurance #CISO #EnterpriseSecurity #VendorRisk #BreachCost #FalsePositive #Business #FexingoBusiness #BusinessPodcast Keep every episode free: buymeacoffee.com/fexingo