Elizabethtown, KY – Venminder, the leading third-party risk management platform and solution provider, released their seventh annual “State of Third-Party Risk Management” whitepaper. The whitepaper shares survey results, providing a comprehensive look at current third-party risk management practices, challenges, compliance incentives, and benefits.
Third-party risk management is a well-established practice, but it’s also a constantly evolving one, making third-party risk management more important today than ever. The 2023 whitepaper highlights ways organizations of all sizes and industries continue to adapt and change to successfully identify, assess, manage, and monitor vendor risks.
“Organizations are continuing to mature and grow their third-party risk management program, with many now increasing focus on third-party risk metrics and continuous monitoring cybersecurity,” said James Hyde, CEO of Venminder. “By reviewing and analyzing the third-party risk management landscape and practices captured in our survey, organizations can see where they stand in relation to their peers and consider that information as they prepare for the future.”
Key findings from the State of Third-Party Risk Management survey include:
- Cybersecurity is the #1 concern in third-party risk management programs
- The biggest challenges in third-party risk management were getting the right documents from vendors (44%), having enough internal resources (32%), and automating the process (30%)
- Sixty-four percent (64%) or organizations use a dedicated vendor management software program to manage vendor risk
- Third-party risk management program maturity is improving overall, with 19% of survey respondents sharing they have a policy/program established and processes being implemented and 39% of respondents have a policy/program established but requires improvement
- Twenty-four percent (24%) of organizations have defined metrics to measure the health, stability, and effectiveness of their third-party risk management program, but they’re not comprehensive
- More than a third (37%) of surveyed organizations had audits or exams with no findings this year. Conversely, 28% had audits and exams with findings indicating a need for improvement, and 13% reported no comments on the third-party risk management provided
- Sixty-nine percent (69%) reported feeling third-party risk management is getting increased scrutiny over the last 12 months by regulators/auditors
- Fifty-two percent (52%) of survey respondents have no more than two dedicated third-party risk management employees
The full survey findings are free to download on Venminder’s website by clicking here.
.gif?width=1920&name=Sample-Graphic-Animation%20(1).gif)
