Venminder, a leader in third-party risk management solutions, revealed the results of their now fifth annual “State of Third-Party Risk Management Survey”. The survey of third-party risk professionals provides valuable insight into how organizations are managing the risks associated with doing business with third parties.
Third-party risk management was very much tested as an operational risk mandate, rather than simply a regulatory requirement in 2020. The pandemic pushed organizations to be more innovative, work remotely and rely more heavily on outsourced practices. The (still ongoing) COVID-19 pandemic has validated for many that third-party risk management is not just a regulatory issue, but a practical real-world consideration.
Key findings from the survey include:
• Having enough internal resources is currently the #1 vendor management challenge
• Sixty-nine percent have updated their vendor management policy in the last 12 months
• Forty-six percent have between 1 and 2 employees dedicated to third-party risk management
• Eighty percent have a formal process in place to determine criticality for all new vendors pre-contract
• Sixty-eight percent classify 10% or less of their current number of vendors as “business critical”
• Seventy-six percent have formal risk assessment processes in place to determine inherent risk and residual risk for all new vendors pre-contract
• Seventy-five percent review/analyze high-risk or critical vendor documentation at least annually
• The number one way the pandemic impacted vendor management processes was third-party risk professionals ensuring their vendors had adequate pandemic plans in place
• Seventy-seven percent confirmed that the majority of their vendors were prepared and implemented pandemic plans without issues
• Forty-six percent say that they experienced third-party cyber incidents during 2020, with forty percent being limited impact incidents
“The survey results confirm that the maturity of third-party risk management practices has continued to evolve and, notably, improve,” said James Hyde, CEO of Venminder. “The COVID-19 pandemic certainly drove heightened awareness in the need for well-managed practices and the importance in ensuring that your data is protected, whether it’s in your hands or a vendor’s and wherever it is – whether in a remote or office environment. This year’s survey results will provide many with important insight into the current state of third-party risk management as well as the ability to compare and benchmark their organizations’ processes against their peers.”
The full survey findings are available to download now on Venminder’s website by clicking here.