A staggering 45% still depend on manual processes while incident response timelines multiply
PHOENIX, May 5, 2022 /PRNewswire/ — Prevalent, Inc., the company that takes the pain out of third-party risk management (TPRM), today announced a new report, The 2022 Third-Party Risk Management Industry Study: TPRM programs at a crossroads, which provides deep insights into current trends, challenges, and initiatives impacting external risk management practitioners worldwide. The results clearly show that while organizations are beginning to adapt their TPRM programs to new and emerging non-IT risks, much more needs to be done to scale up and mature these programs – particularly in relation to responding to incidents, compliance, and the vendor lifecycle.
Key findings from the 2022 Third-Party Risk Management Study include:
45% of organizations experienced a third-party security incident in the last year – but use different tools that increase incident response times
69% of respondents say their organization’s top concern about third-party use is a data breach, with 45% of respondents saying they have experienced a security incident in the last year – up from 21% in 2021. However, 8% of organizations do not have an external incident response program in place, while 23% take a passive approach to responding to external incidents.
40% of companies pay more attention to non-IT security risks – but not enough
TPRM programs continue to focus on addressing the risks of working with IT vendors, but a surprising 40% of respondents in this year’s study said they focus on managing both IT and non-IT vendor risks.
However, organizations continue to overlook less quantifiable, non-IT risks such as modern slavery, anti-money laundering, and anti-bribery and corruption risks that could still result in compliance violations, fines, or negative reputational impacts.
TPRM is becoming more strategic, but 45% of organizations still use manual spreadsheets to assess third parties
Two-thirds of respondents say their TPRM programs enjoy more visibility from senior executives and the board compared to last year. However, getting there has required a massive increase in cybersecurity issues related to third-party vendors and suppliers, such as Log4j, the collapse of the Toyota supply chain, and the Kaseya ransomware attack. Unfortunately, manual processes still hold companies back, with 45% saying they use spreadsheets to evaluate their third-party providers.
These manual processes add unnecessary complexity and time to third-party underwriting, with 32% of respondents saying it takes more than a month — in some cases more than 90 days — to produce the reports and evidence required for regulatory reviews.
“The past year has drawn even more attention to the risks associated with third-party suppliers and suppliers, particularly the supply chain with ongoing cyber disruptions,” said Brad Hibbert, Chief Strategy Officer at Prevalent. “And while today’s survey shows that companies are beginning to take a more strategic view of their third-party management programs, more progress still needs to be made. More and more companies are starting to assess non-IT risks, which is a step in the right direction. But sadly, more than half aren’t — and that could result in financial losses. Coupled with a comprehensive TPRM solution, organizations can build stronger defenses against IT and reputational risks from third parties.”
The results of this study show that TPRM teams are making strides toward a more strategic approach to TPRM, but three areas require additional improvements to keep organizations on track:
Simplify audits and unify teams in a single solution that provides built-in questionnaire templates and supplemental intelligence for multiple business/operational and risk areas reputation and finances risks, too IT G and attention risks.
Automate incident response to reduce cost and time. Invest in mature tools and processes that centrally manage all vendors on a single platform – the first and most important step is gaining insight into your third-party ecosystem. Know which third-party providers (and Nth parties) are at risk of a data breach by mapping supplier relationships based on technology usage and uncovering potential impacts through continuous tracking, scoring and management of cyber, business, reputational and financial risks on a single platform.
Close the loop in the third-party lifecycle. Look for a TPRM platform with strong contract lifecycle management capabilities. The results can inform ongoing negotiations with your business partners and ensure stronger, long-term business relationships. When a third party is offboarded, you can confirm that your systems and data have been safely decommissioned by conducting a final risk assessment, while providing records to demonstrate compliance with data protection regulations.
Download the full eBook for additional insights, context and recommendations on benchmarking existing TPRM practices.
Prevalent facilitates third-party risk management (TPRM). Businesses use our software and services to eliminate the security and compliance risks that result from working with vendors, suppliers, and other third parties throughout the vendor risk lifecycle. Our customers benefit from a flexible, hybrid TPRM approach, where they not only receive solutions tailored to their needs, but also achieve a rapid return on investment. Regardless of where they start, we help our clients ease the pain, make informed decisions, and adapt and mature their TPRM programs over time.
Angelique Faul, Silver Jacket Communications, 513-633-0897, email@example.com.
View the original content to download multimedia: https://www.prnewswire.com/news-releases/new-prevalent-study-reveals-organizations-are-not-pieces-to-handle-increasing-third-party-security-incidents-301540146.html
SOURCE Prevalent, Inc.