Risk Mitigation
Risk mitigation is the process of taking actions to reduce the likelihood or impact of an identified risk. In third-party cyber risk management, risk mitigation strategies include requiring vendors to remediate specific vulnerabilities, implementing compensating controls at the first-party level, adjusting the scope of a vendor's access to sensitive systems, or in some cases terminating the vendor relationship. Risk mitigation decisions are typically made in the context of a vendor's inherent risk, residual risk, and the first party's risk appetite.