A Critical Risk occurs when companies concentrate solely on in-house issues when developing their cybersecurity program and strategy, simply assuming that their third-party vendors will have adequate security protocols in place. Most companies in the P&C insurance industry certainly do business with vendors of all sorts, such as BMS vendors, IT providers and even custodial services. It is essential to ensure that all vendors maintain security systems and practices that protect your business from falling victim to a risk introduced by a trusted third party.