The third party might charge extra fees.

The data might become outdated.

The data might get lost in transit.

The third party might not have strong cybersecurity measures.

By sending phishing emails to employees.

By infiltrating through an external partner with access.

By directly attacking the main company.

By hacking into the company's website.

They stole passwords from employees.

They disrupted the company's network traffic.

They hacked into the company's email system.

They injected malware into the Orion software.

Analyzing and controlling inherent risks.

Eliminating all risks completely.

Monitoring and mitigating residual risks.

Focusing only on internal security measures.

Inherent risks exist without controls, residual risks remain after controls.

Inherent risks are controlled, residual risks are not.

Inherent risks are external, residual risks are internal.

Residual risks are more dangerous than inherent risks.