Small- to midsized businesses are often used as a stepping-stone to reach into larger business partners networks. Cybercriminals often target SMBs that often dont value nor invest properly in security. SMBs often have limited cybersecurity staff; limited cybersecurity knowledge; and have no means to detect attacks, let alone respond to them. Meanwhile, most large organizations don’t address third party risk of SMBs or other partners with any real assessment program. Many still rely on questionnaires, and others focus mainly on the top tier of vendors, leaving smaller ones to fill out questionnaires.”]