Third party risk management: Half of firms are underprepared

With third-party risk audits getting more complex and time-consuming, are firms really prepared for major threats?


The past twelve months have seen increases in third-party incidents, breaches, compliance issues, and supply chain disruptions impacting businesses. This has led many organizations to seek to adapt their third-party risk management programs to address emerging risks outside of the IT realm.

An example of this trend appears in a report from the firm Prevalent. The report is titled “2022 Third-Party Risk Management Industry Study”, and it details the state of third-party risk management in light of best practices and modern global realities.

The key observations include the finding that several organizations are paying more attention to non-IT security risks. Here, 40 percent of respondents manage both IT and non-IT vendor risks. However, some 45 percent of third-party risk management programs are only focusing on the IT vendor risk.

In relation to strategy, 67 percent of companies polled indicated that their third-party risk management programs have more visibility than the year prior (likely a response to surges in third-party vendor and supplier-related attacks such as Log4j, the Toyota supply chain breakdown, and others throughout the past few months).

The report also finds that manual methods for assessing third parties persist. This is evidenced by the 45 percent of respondents who are still using spreadsheets to assess third parties.

Organizations also reportedly have increased concern about damaging third-party security incidents, and many say they lack effective tools to tackle such incidents. Some 69 percent of organizations have experienced a data breach or other security incident due to poor vendor security.

Such events also take time to resolve. Organizations are waiting over two weeks for third-party incident resolution; 35 percent of firms report it takes up to two weeks to determine whether an incident resulted in disruption in service. Moreover, 47 percent wait another week for third parties to complete remediation or migration.

Third-party risk management discipline also falters as vendor relationships progress. In this regard, 74 percent of businesses track risks at sourcing/pre-contract due diligence, lowering to 61-68 percent for ongoing tracking. The report also finds that only 43 percent do so during off-boarding/termination.

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist and an author. He is also interested in history, politics and current affairs.
