Concern for cyber risk and cyber management—especially in larger companies—has come more into the spotlight over the last year as global corporations like Sony and Target experience high-profile data breaches. But cyber protection is multi-faceted, and a big part of securing one's company against breaches is the consideration of any third parties involved.

Insecure third parties can allow for a significant amount of damage, such as in the case with Target's breach. The good news is that, because of these high-profile breaches over the last year, awareness around the security of third parties has heightened. As such, legal obligations to manage the cyber risk of third parties and vendors has also heightened.

New legal requirements are shaping the way organizations build and monitor their third party cyber risk management. Jake Olcott, an executive from cybersecurity ratings company BitSight, told Legaltech News that third parties have been the sources of many breaches in recent years, and there are specific risks associated with them including the retention of sensitive data.