Which topic concerns third-party risk within high-value cyber audit focus?

Prepare for the Internal Auditing Standards and Practices - Cybersecurity Test. Gain confidence with multiple choice questions and clear explanations. Ace your exam!

Multiple Choice

Which topic concerns third-party risk within high-value cyber audit focus?

Explanation:
Third-party risk focuses on how external entities—vendors, suppliers, contractors, and service providers—can affect an organization’s cyber security. In high-value cyber audits, this area gets prominent attention because these external relationships often hold or access critical systems and data. A robust audit considers how these parties are vetted, what security controls and contractual requirements govern their access, how ongoing monitoring is performed, and how incident response coordination works if something goes wrong. This is why the topic described as risk posed by vendors and external partners to security is the best fit for third-party risk in a high-value cyber audit context. The other options describe narrower or internal concerns that don’t capture the broader external relationship risk, such as a specific device issue, an overclaim about eliminating risk through outsourcing, or internal political dynamics.

