Third-party compliance risks are significant and growing. While many organizations recognise the importance of managing these risks, a considerable number are still lagging in their efforts, with some failing to adequately monitor and manage their third-party relationships. Recent statistics highlight the need for improved third-party risk management (TPRM) programs.
Here are some interesting statistics to ponder:
- With the proliferation of cloud services, enterprises are exposed more than ever to such service providers, with the average enterprise now using over 1,295 cloud services (Spacelift);
- A significant portion of data breaches are actually linked to third parties, with 61% of companies having experienced a data breach related to third parties (SecurityScorecard);
- Even if you have not yet experienced a third-party data breach, it is almost inevitable that you will, with 98% of organizations being in a relationship with a third party that has previously been breached (SecurityScorecard);
- 84% of survey respondents said that third-party risk incidents have resulted in operations disruptions, 66% cited adverse financial impact, 60% noted increased regulatory scrutiny, 59% indicated an adverse reputational impact, and 33% said regulatory action was taken (Gartner).
Are you coping?
Notwithstanding the above challenges, organisations have chronically understaffed their efforts to safeguard against third-party data breaches.
- 43% of organisations have only 1-2 full-time employees responsible for TPRM (Venminder);
- While 90% of organisations rate TPRM as a growing priority (RiskRecon), 74% rate their organisation’s level of sophistication as poor or mediocre (Moody's Analytics);
- Many organisations are only assessing 33% of their vendors (Prevalent);
- Only 29% of organisations remediate risks found during the vendor sourcing and selection stage (Prevalent).
Current Practices
Many organisations do not have formal processes in place to assess third-party risks (Venminder). For those that do conduct formal assessments, security questionnaires are the most popular method (RiskRecon). Notwithstanding this, only 4% have a high level of confidence that vendors are actually meeting security requirements based on their responses (RiskRecon). With regulatory enforcement increasing in many jurisdictions, it is concerning that only about half of organisations check whether third parties are complying with data protection regulations (RiskRecon & Ponemon Institute).
What is required are tools to help organisations:
- Do the heavy lifting of conducting assessments with limited manpower;
- Assess third parties in a granular fashion, against recognised benchmarks and data protection regulations;
- Increase vendor assessment coverage and identify gaps.
That’s why we are introducing one-click third-party risk assessments. Check out the quick demo below:
With one-click third-party risk assessments, you can now let ComplyMe.AI do the heavy lifting. Once kicked off, AIDA (our AI Digital Assessor) will:
- Search publicly available sources for relevant information on your selected vendor (such as their data breach history, personal information handling practices, information security practices and privacy policies);
- Assess any information you think relevant on the vendor, including agreements, network diagrams, policies or even product demonstration videos;
- Analyse the information obtained against your subscribed global data protection or cybersecurity regulation (such as the GDPR, CCPA, PIPL, NIS2 or DORA);
- Identify potential gaps based on the applicable regulation; and
- Provide a detailed analysis against relevant provisions of the regulation.
All you have to do is generate a report, then share it or refresh it when needed, at the click of a button.
NOTE: You must be an existing subscriber to access one-click assessments. Just add it through the Subscriptions menu.