Third party risk on the rise, risk mitigation still not a priority

Given today’s cyber security climate, it is no surprise that companies are wary of the risks associated with third party vendors. Unfortunately, these risks are only growing with the increase in disruptive technologies such as the Internet of Things and cloud technologies.

third party risk

According to a survey conducted by the Ponemon Institute, 70 percent of respondents believe that third party risk in their organization is increasing significantly. In fact, the new report shows that in the past 12 months, organizations spent an average of approximately $10 million to respond to security incidents as a result of negligent or malicious third parties.

The Ponemon Institute surveyed 617 executives who have a role in the risk management processes within their organizations to determine the following:

  • The state of third party risk management.
  • The importance of values and a positive tone to effective third party risk management.
  • Third party risk assessment and management practices.
  • The use of technologies and cyber insurance to manage third party risk.

“The threat landscape is constantly evolving, and as a result, third party risk is only going to increase,” said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute. “It has become imperative for organizations to create formal programs for vendor risk management in order to avoid being compromised, and more importantly, business leaders need to set a strong example.”

In the context of this study, “tone at the top” describes an organization’s control environment, as established by its C-Suite and Board. The tone at the top is set by management and affects all employees of the organization. According to the study findings, neither the C-Suite nor the Board are overly involved in third party risk management and, for most companies, there is no clear accountability at all when it comes to handling risk. Respondents overwhelmingly agreed that the best way to mitigate third party risk is for organizations to adopt a positive “tone at the top.”

Key findings: Third party risk

  • Cloud computing, mobility and mobile devices, and big data analytics will have a significant impact, according to 71 percent, 67 percent and 51 percent of respondents, respectively.
  • 50 percent of respondents do not believe the risk management process is aligned with business goals.
  • Only 8 percent of respondents say improvement of their organization’s relationship with business partners is a top risk management objective.
  • 11 percent of respondents say their organizations are very effective at communicating values throughout the enterprise or to business partners, vendors and other third parties.
  • 71 percent of respondents say when tone at the top is part of an organization’s risk management strategy, the risk of working with third parties that are not trustworthy is reduced.
  • 81 percent of respondents in financial services say that a strong tone at the top is essential to mitigating business risk.
  • Only 7 percent of respondents in financial services say that improving the organization’s relationship with business partners is a top risk management priority.