51% of organisations have faced a risk incident during COVID

Cybersecurity consultancy firm Deloitte has launched its Third Party Risk Management Survey 2021 based on organisations in 30 countries worldwide.

Deloitte has revealed the results of its extended enterprise risk management (EERM) global survey based on 1,170 responses, across 30 countries. The survey was conducted between December 2020 and January 202 and the findings reflect the views of people accountable for third party risk management activities within their organisation. Survey respondents came from a variety of organisations across consumer, energy resources and industrials, financial services, life sciences and healthcare, government and public sector, and TMT.

Key findings from the report include:
  • More than half of (51%) of organisations have faced one or more third-party risk incidents whilst responding to the COVID-19 pandemic. 13% of incidents were considered ‘high impact’, severely compromising financial performance and profitability, customer service and, in some instances, put organisations in breach of regulations.
  • 27% of organisations that hadn’t adequately invested in third party risk management prior to the pandemic faced a high impact incident over this time, compared to just 2% of those that had.
  • A year on from the start of the pandemic, almost half (45%) of organisations remain in ‘respond’ mode in dealing with the impact of COVID-19, leaving many vulnerable to third party failure without due assessment.
  • As workforces also shifted en masse to remote locations, 71% of organisations now identify digital risk as their top priority area. Despite this, 42% shared concerns over inadequate cyber security investment, topping the list of all emerging risk ‘domains’.
  • However, over the course the pandemic, organisations have accelerated their investment in technology to gain competitive advantage as they emerge from the pandemic and look towards recovery. Almost half (49%) of respondents are now updating their due diligence and monitoring processes using their tech investments to make them ‘intelligence led’ and in real-time, compared to a third (35%) last year.

Kristian Park, Extended Enterprise Risk Management Partner at Deloitte says of the findings: “As businesses have shifted to more digital ways of working, new technologies and the continued need to both reduce costs and access specialist skills has bred a new set of risks when it comes to third party oversight. Whilst many organisations have long-established third party risk management programmes in place, the COVID-19 pandemic has highlighted unforeseen gaps, making many vulnerable to failures caused by third parties - for which the organisations are, ultimately, responsible. As a high proportion of respondents remain in ‘respond’ mode to the pandemic, it suggests many underestimated their preparedness to deal with such an event.

“One area in particular that most organisations identified as a priority was digital risk. With many workforces moving to remote locations, some for the first time, this has opened up greater opportunities to fall victim to cyber crime. Many organisations won’t have considered the security policies and guidelines that a remote workforce – and, by extension, third parties – required until now.

“That said, we know that crises tend to reinforce the need to invest in good risk management. Much like we saw during the aftermath of the 2007-8 financial crisis, COVID-19 is likely to have a similar effect on future risk procedures. As organisations seek to recover from the impact of the pandemic, we are also seeing many looking to gain competitive advantage which is already driving significant investment in risk management technology. This could be a map-based dashboard, for example, that enables organisations to visualise their real-time third party risk exposure by the geographies in which they operate. These ‘heat maps’ alert organisations to, for instance, changing local restrictions that could impact things like the movement of goods, marketing activities, or other critical services. Being armed with this information ensures organisations can make better informed decisions on the actions they take to reduce disruption, meet customer expectations, and reinforce competitive edge.”



Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI