Why “Yes” or “No” approach to vendor security risk assessment is pointless. According to SecurityScorecard and The Cyentia Institute, 98% of organizations have a …