By far the best tool is to purchase adequate cyber insurance coverage. Any vendor who collects PII on behalf of our company must complete a full due diligence, including disaster recovery plans, SOC reports, MFA for all users, consistent password changes, etc. Our only challenge has been down time from Insurtech partner servers. We've incorporated manual processes and, in some cases, duplicate service arrangements. For example, having two payment processors to avoid relying 100% on a third party.