Third-party risk management has become one of the top concerns for CISOs in 2026 - and for good reason. Supply chains are growing more complex, regulatory obligations are tightening and the next breach is as likely to come through a supplier as from a direct attack.

In this insightful panel discussion, the panelists will explore:

• Why third-party risk management consistently falls short - from over-reliance on certifications and questionnaires to blind spots around subcontractors, non-technical suppliers and lateral movement risks once access is granted;
• How zero trust architecture, continuous monitoring and risk-tiered supplier classification can replace the traditional "castle and VPN" model with a more defensible approach to third-party access;
• Why compliance pressure alone won't secure the supply chain, and how organizations can build shared security culture across their supplier ecosystems, including smaller vendors that lack the resources to meet enterprise-level requirements on their own.