RiskStudio’s Vision on Supply Chain Risk Management

Managing Risks Outside Your Organization Every company is part of a dynamic network of suppliers, partners, and service providers who, in turn, are dependent on others. Supply chain risk management is therefore not about assessing a single supplier, but about understanding and managing that entire network of dependencies. No Control, But Insight Suppliers operate outside

Read more

Shadow suppliers

In practice, every supply chain consists of multiple layers that together determine the digital and operational risk profile of your organization. The further away you are from your own organization, the harder it becomes to maintain control, while that is often where the greatest risks arise. 1. My company: the starting point of all risks

Read more

SCRM, TPRM and VRM in plain English

Almost every organization today relies on a network of external parties: IT service providers, SaaS suppliers, cloud providers, consulting firms, but also on the parties they in turn depend on. This is comfortable as long as everything runs smoothly, but it also makes you vulnerable. In this context, abbreviations like SCRM, TPRM and VRM are

Read more

Cyber Resilience Examined in KPN Report

According to the recent KPN study Cyber Resilient Netherlands 2026, Dutch organizations rate their digital resilience at an average of 7.1, but there appears to be a clear gap between ambition and implementation — especially in the areas of supply chain security and monitoring. KPN’s study, conducted among more than 250 IT and security professionals

Read more

Lessons from ENISA’s NIS Investments Research

In December 2025, the European Union Agency for Cybersecurity (ENISA) published the NIS Investments 2025 Survey Data Companion Document, a comprehensive dataset presenting the results of a large-scale survey among 1,080 European organizations regarding their cybersecurity investments, capabilities, and challenges. This document offers an in-depth look at how organizations manage their cyber risks in light

Read more

RDI sets the tone: supply chain security is no longer a choice

With the advent of the Cybersecurity Act, supply chain security is explicitly becoming part of the statutory duty of care. The National Inspectorate for Digital Infrastructure (RDI), designated as the future supervisor, leaves no doubt about this: organizations must demonstrably gain control over their digital chain. Cybersecurity does not stop at your own IT environment.

Read more

New name: NIS2 Supply Chain

In early 2026, the NIS2 Quality Mark was renamed NIS2 Supply Chain. This name change, implemented by the Quality Innovation Foundation, emphasizes the need to ensure digital security throughout the supply chain. It is a quality mark that allows SMEs in particular to demonstrate that they meet the requirements of the upcoming Cybersecurity Act (NIS2).

Read more