Focus on managing third party service providers and the potential risks those relationships pose. From a regulatory perspective, understand the cyber maturity of your vendor partners, what data they have access to, and where they might be vulnerable to cybersecurity threats. Weak vendor security controls translate to a weak cybersecurity environment.