Our survey will be out soon but typically, we have found that approx 10% of the vendors come out as Critical and about 20% as High risk... based on not only our survey but also many conferences and peer comparisons. I welcome others' feedback as well.
Original Message:
Sent: 01-13-2020 02:23 PM
From: Josh Bowman
Subject: Vendor Risk Profile Distribution
Does anyone know if any of the consulting firms (or anyone else) has published data on the typical distribution of vendor risk profiles within an institution (i.e., 3-5% high risk, 40% moderate risk, etc.)?
I'm working on my annual report to the Board and would like to be able to compare our distribution to a published industry standard.