Smaller businesses usually do not have the dedicated personnel, budgeted resources or the management focus needed to carry out a comparable vendor management program. However, the smallest company can take steps to help manage third-party cyber risk.