Elizabethtown, KY – Venminder, the leading comprehensive, unified platform for managing third-party risk management programs, have released their eighth annual “State of Third-Party Risk Management” whitepaper. The whitepaper provides a deep dive into how organizations are handling third-party risk today, covering key aspects such as current practices, challenges, compliance drivers, and benefits.
Third-party risk management is not a static practice, but a dynamic one that constantly adapts to new risks and regulatory demands. The past year has shown how vital it is to have an effective third-party risk management program in place, as the world faced unprecedented events and challenges such as the collapse of three regional banks, various regulatory changes, a record number of data breaches, the rise of artificial intelligence and its risks, and more. These developments have challenged even the most seasoned third-party risk management professionals to re-evaluate the scope and effectiveness of their programs.
Third-party risk management is becoming more urgent and essential for organizations of all sizes and industries. Organizations need to continuously identify, assess, manage, and monitor third-party risks, and can now leverage Venminder’s 2024 whitepaper to benchmark their performance against their peers.
“Third-party risk management delivers significant benefits to organizations and helps them mature their governance, risk, and compliance management programs,” said James Hyde, CEO of Venminder. “By reading and reviewing the data, trends, and best practices of the current third-party risk management landscape and processes captured in our survey, you can gain insights into how your organization compares to your peers and use it to guide your program enhancements this year and beyond.”
The State of Third-Party Risk Management survey reveals the following key findings:
- Third-party risk management program maturity is improving overall, with 71% of survey respondents sharing they have a policy/program fully in place (with 38% of that still further improving upon it) and 17% sharing they have a policy/program established but processes not fully implemented.
- Third-party risk management activities are seen as valuable, with 96% of respondents believing they have a positive return on investment.
- Third-party risk management programs operate with limited resources, with 58% of respondents having no more than 2 dedicated staff members.
- Software tools are widely used to facilitate vendor risk management, with 77% of respondents relying on them.
- Cybersecurity is the main concern and challenge for third-party risk management, with 51% of respondents experiencing a third-party cybersecurity incident in the past year.
- Artificial intelligence poses a new and significant risk for third-party risk management programs, requiring more attention and oversight.
- Third-party risk management programs face increasing pressure to improve, with 68% of respondents feeling it and 34% of them attributing it to regulators.
- The biggest hurdles for third-party risk management are obtaining the right documents from vendors, having enough internal resources, and managing time efficiently.
- Risk intelligence tools are becoming more popular for monitoring third, fourth, and nth parties, enhancing visibility and control.
- 64% of respondents have defined metrics to measure the health, stability, and effectiveness of their third-party risk management program.
- A third of surveyed organizations (37%) had no findings in their audits or exams in the past year, indicating a high level of compliance and performance, while 28% had findings that required improvement and 17% had no feedback on their third-party risk management.
The full survey findings are free to download on Venminder’s website by clicking here.