1)
An address of a 2-of-3 setup therefore contains the public keys of all three cosigners. In order to generate a correct address, you have to be able to rely equally on all cosigners.
Please note that all cosigners can be yours. If you choose this option, you mitigate the risk of compromise, as the probability that two of the three have somehow become malicious equals the product of the relevant probabilities for each cosigner. Let's say you have two hardware wallets (HW1 and HW2) and one software wallet (SW), and you are afraid that during their upgrade one of them is infiltrated with malicious code that could steal your money. You may eliminate this risk by constructing a multisig using HW1, HW2 and SW as your cosigners.