In the interconnected world, companies cannot be considered “isolated”, since they rely on a wide range of third parties, which supply them with goods and services aimed to achieve their business goals. In the context of cyber risk management processes, it is no longer enough, to mitigate them within the company’s walls but it is strongly required to focus on the security of third-party systems in adopting a structured end-to-end approach.