b'Enterprises globally recognize the challenge of third-party cyber risk, but they still struggle with the risk management. Dave Stapleton of CyberGRX discusses the elements of a mature program, including the role of risk ratings.'