Hazardous business: Rise of third-party corporate risk assessments

Third-party risk audits are getting more complex and time consuming, a new report finds.

Office structure, London. Image by Tim Sandle

Large increases in third-party incidents, breaches, compliance issues, and supply chain disruptions have led many organizations to adapt third-party risk management (TPRM) programs to address emerging risks outside of the IT realm.

A third party is any entity that a business works with. This includes suppliers, vendors, business partners, and the service providers that are used.

Risk is about the identification of hazards (factors with the potential to cause harm). To determine whether a hazard presents an acceptable risk requires an understanding of the severity of the hazard and the likelihood that an event associated with this hazard will occur. An additional layer of confidence about the risk outcome, which can affect the acceptability of the risk, is the strength of any detection method in place. A detection method that can provide an early warning of an outcome occurring is superior to one that provides only a post-event signal.

The trend for organizations to extend risk frameworks beyond information technology has been picked up by a company called Prevalent. The firm has released a report titled “2022 Third-Party Risk Management Industry Study”. The report details the state of TPRM today in light of best practices and modern global realities.

The importance of third-party risk assessments is borne out by a key finding from the report: 69 percent of organizations experienced a data breach or other security incident due to poor vendor security.

The report finds that organizations are paying more attention to non-IT security risks. While this is not a revelatory finding for those who practice health and safety assessments or who are involved with pharmaceuticals and healthcare (areas that have deployed risk frameworks for decades), the extension into other areas is often novel.

As an example, 40 percent of respondents manage both IT and non-IT vendor risks. Despite this trend, 45 percent of TPRM programs still focus primarily on IT vendor risk.

With TPRM there are signs that the discipline is getting more strategic. To add to this, 67 percent of those surveyed indicated that their TPRM programs have more visibility than the year prior (this is likely a response to surges in third-party vendor and supplier-related attacks such as Log4j, the Toyota supply chain breakdown, and other events of concern).

In terms of how these assessments are performed, manual methods for assessing third parties persist. As an indicator, 45 percent of respondents are still using spreadsheets to assess third parties. Whether these tools are the best is debatable: many organizations report increased concern about damaging third-party security incidents, yet they still lack effective tools to assess them.

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
