Our model allows estimating each vendor’s contribution to aggregate vendor risk. The pie charts in the vendor triage section of our reports (see below), show each vendor’s contribution to the aggregated risk for a data breach of a particular data breach size. Any vendor can experience a data breach, but the vendors that contribute the largest fraction are most likely to experience the data breach. Third party risk can be effectively mitigated by focusing on vendors with the highest fractions. For vendors that may not have PII data, the forecast should be interpreted as a measure of their security posture and a probability that they could expose other kinds of data besides PII.
Below we show pie charts for a data breach affecting 10-thousand people. The largest companies were excluded because such a small breach would most likely expose only their own internal employee data.