Third-party risk and understanding that risk continues to grow; but mitigation of the risk is, if anything, getting worse. This can be seen in two separate studies published this week by Ponemon and BitSight. The BitSight study examined the visible security posture of more than 5,200 legal, technology, and business services companies known to be third-parties to finance organizations. Both surveys show a significant gap in the security posture of primary organizations and their third-party suppliers.