VivoSecurity is a California-based cybersecurity company that specializes in third-party (vendor) risk assessment using data analytics and artificial intelligence. The company focuses on quantifying and managing the risk of data breaches originating from third- and fourth-party vendors, applying empirical regression models and statistical methods to forecast the probability of a data breach across a company's vendor portfolio. VivoSecurity's core offering is its Aggregate 3rd Party Assessment, which evaluates cumulative vendor risk rather than assessing vendors individually through maturity or compliance models. This approach is designed to address the blind spot created by the large number of vendors organizations rely on, which traditional SOC 2 reports or compliance frameworks do not adequately cover. The company claims that approximately 50% of larger data breaches are caused by third parties. The company serves multiple industries, with tailored solutions for financial institutions (aligned with Federal Reserve and OCC model risk guidance SR11-7), as well as biotech, pharmaceutical, and medical organizations (supporting HIPAA, CLIA, and NIST 800-30 compliance). It also serves any industry handling personally identifiable information (PII). VivoSecurity works through a partner network of independent consultants and organizations who access backend data, develop reports, and provide consulting to integrate third-party data breach risk management into existing Third-Party Risk Management (TPRM) frameworks. The company publishes educational resources including articles, workshops, talks, and white papers on topics such as calculating the probability of third-party data breaches.