b'Based on cyber insurance claims they file, small and midsized vendors potentially pose substantial security risks, so their customers should make them a third-party risk management priority, says consultant Mark Johnson, a former healthcare CISO.'