Third Party Risk Management

Supply chain resilience is about managing persistent uncertainty – and needs active governance

In this piece, Gavin Wilson argues that supply chains can no longer be treated as purely commercial functions but must be managed as core risk systems. With geopolitical tension, regulation, climate disruption and hidden dependencies all shaping outcomes, disruption is now constant rather than exceptional. He highlights how many organisations remain exposed due to limited visibility and fragmented ownership, often reacting only once issues arise. His focus is on active governance, deeper supplier insight and earlier involvement of risk functions, ensuring resilience is built in before disruption hits rather than after.

Ecosystem is the biggest cyber risk

In this latest article, Toro Solutions CEO Peter Connolly argues that many organisations are investing heavily to protect systems that are no longer the most likely source of a breach.

The greatest cyber risk now sits in the wider ecosystem of suppliers, software platforms and digital partners that businesses depend on but do not control. Drawing on recent incidents and client experience, he explains how attackers increasingly exploit trusted connections between organisations, using smaller or less mature partners as entry points into much larger networks.

As digital supply chains become more complex, cyber security can no longer be managed in isolation. Connolly makes the case that boards focusing only on internal controls are overlooking their largest attack surface, and that real resilience depends on stronger standards, better information sharing and collective accountability across the ecosystem.

It’s 2026. Why are the basics still being missed?

In this latest article, Toro Solutions’ Directors of Cyber Security and Physical Security & Risk ask a simple but uncomfortable question: it’s 2026, so why are the basics still being missed?

Reflecting on high-profile failures, including the widely reported security lapse at the Louvre, they explore how weak passwords, inconsistent MFA, unmanaged access and overlooked physical controls continue to sit at the heart of major incidents. While organisations focus on AI, geopolitics and evolving threat actors, foundational disciplines such as access management, patching and third-party oversight are too often deferred, normalised or quietly accepted.

The piece argues that most breaches are not the result of unknown risks, but of known controls that were never fully enforced or revisited, and that real progress in 2026 will depend less on chasing the next big threat and more on consistently getting the fundamentals right.
