
Third Party Therapy - Charlie Lewis - Beyond the Third: Navigating 4th Parties and Cyber Risk in TPRM
Dec 1, 2025
Charlie Lewis, a McKinsey leader in cyber resilience focused on supplier nth‑party and supply‑chain risk, walks through why modern supply chains create complex cyber exposures. He discusses rising interconnectivity, attacker economics, critical infrastructure dependencies, regulation gaps, practical segmentation and business-continuity tactics, plus where automation and productized risk management are headed.
AI Snips
Personal Breach Sparked Career Focus On Nth Parties
- Charlie Lewis moved from the U.S. Army into McKinsey after a breach affected his four-year-old daughter's identity, revealing how third-party breaches ripple to customers.
- He shifted focus to nth-party risk management to help organizations reduce data loss, disruption, and integrity failures across supply chains.
Hidden Concentration Risk Lives In Nth Parties
- Supply chains are now highly interconnected, so a vendor's vendor (nth party) can create concentration risk even when you diversify suppliers.
- Charlie cites a 2009 artillery sight-box example where a single supplier failure halted operations, mirroring modern software/supply-chain dependencies.
Attackers Target Central Platforms For Maximum Impact
- Attackers now target central platforms to get maximal impact across many customers instead of individual targets.
- Charlie points to CRM and SaaS compromises enabled by social engineering and vishing as examples of this multiplier effect.

