When it comes to third-party risk, security leaders often focus on the cybersecurity threats posed by their vendors. However, risk management professionals must also consider the physical security risks of their vendors to ensure the strongest possible security posture.

The 2022 Third Party Risk Management (TPRM) Industry Study from Prevalent, Inc. aims to explore current trends, challenges and initiatives impacting third-party risk management practitioners worldwide. Although organizations are starting to adapt their TPRM programs to address emerging cyber and physical risks, much more needs to be done to mature these programs.

Findings from the study include:

  • 45% of organizations experienced a third-party security incident in the last year
  • 69% of respondents say that the top third-party risk concern facing their organization is a data breach
  • 40% of organizations are paying more attention to non-IT security risks

Organizations continue to overlook less quantifiable non-IT risks such as modern slavery, anti-money laundering, and anti-bribery and corruption risks that could lead to compliance violations, fines or negative reputational impacts, as well as human rights violations.

Two-thirds of respondents report that their third-party risk management programs have more visibility among executives and the board compared to last year. However, getting there took massive increases in third-party vendor and supplier-related cybersecurity issues such as Log4j, the Toyota supply chain breakdown, and the Kaseya ransomware attack.

For more information on the report, click here.