Historically, questionnaires and risk scoring have been used to evaluate the Risk a 3rd Party which aren't very useful in quantifying Risk to the business.

It is now possible to instantly see the financial impact and likelihood of a major cyber incident on any 3rd party organisation that you do business with.

In order to comply with part of APRA's Prudential Standard CPS 234, we suggest that firms look to using Breach & Attack Simulation for Systematic Assurance

I’m looking for a way in because I believe that you’re an organisation that will provide me with revenue either from the data you possess, you will probably pay a ransom or I can quietly skim funds by posing as your CFO and request regular payment of invoices, etc.