Supply chain attacks highlight the criticality of third-party risk management, and cyber risk conversations in the boardroom are now more important than ever.

Amidst an ever-evolving cyber threat landscape and increasingly sophisticated cyber-attacks, having cyber risk assessment conversations in the boardroom is now more important than ever. Continuing supply chain attacks, for instance, highlight the criticality of third-party risk management and the need for thorough assessment of an organisation’s cyber supply chain and third-party vendor network, as well as swift and coordinated communication to affected users.

Establishing cyber risk appetite at the boardroom level

Effective risk management starts with determining an organisation’s appetite for risk. Risk assessment has always been central to business viability, and board members are well aware of how they can assess and navigate business and reputational risk. Cyber risk, however, often requires CISOs to step in and educate board members who may not be all that.