Overview#Third-party Risk is just as it says. Many if not all Organizational Entities use some Third-party for items that involve Sensitive Data
Some of these Third-parties are used in Regulatory compliance as external Auditing. The auditor gathers data and puts it in a spreadsheet and his laptop gets stolen. The Auditor may load the data to some Cloud Service Provider to gather metrics or perform Analytics
Think about all the External Auditing that happens in every industry. Health Care Organizations and Financial Organizations may be the an industries where there is more data shared than others and they may have the most Sensitive Data.
Third-party Risk Unfortunate events happen often.