When we compiled our 2020 third-party risk management predictions, there were no mentions of pandemics, business resilience, supply chain failures, or even social distancing. Our crystal ball failed us.
For sure, 2020 changed how third-party risk management practitioners went about their jobs. And we don’t need a crystal ball to know that the pandemic will continue to impact supply chains over the coming year. If your current TPRM playbook isn’t focused on supply chain resilience, then it may be time to throw it out and write a new one.
Our experts have gathered to make eight predictions to help you get a head start. We’ll start with the first four in this post and then round out the list with Part II next week.
2020 saw a litany of supply chain failures triggered by unpredictable events. These incidents shed light on the fact that companies need to understand risk at every stage of the vendor lifecycle – from sourcing to offboarding, and everything in between.
In 2021, third-party risk practitioners will need to expand their visibility by seeking risk intelligence at several key milestones throughout the vendor relationship:
There is more to vendor risk than cybersecurity threats, and there are several other risk factors that impact a vendor’s ability to deliver its products and services.
For example, are your vendors financially stable? Do they pay their bills on time? How do they handle operational disruptions from natural disasters and health emergencies? How might their ethics or sustainability violations threaten your organization’s brand or reputation?
For more complete vendor risk analysis, you’ll want to add these classes of risk to your monitoring initiatives in 2021:
A unified TPRM platform can help to normalize, correlate and analyze this monitoring data with results from cybersecurity assessments.
More data to support decision-making is essential, but what do you do with all of that data? How do you prioritize it to gain meaningful insights? That’s where machine learning and behavioral analytics come in. Behavioral analytics combines machine learning with anomaly detection to predict, identify and manage low-probability/high-impact events such as unethical or fraudulent behavior.
In 2021, it will become the norm to consolidate vast swaths of data into single views. The result will be intelligence feeds that enable more meaningful and informed actions. One application will be to leverage behavioral analytics to spot outlier risks. For example, security and risk teams could use machine learning insights to associate vendor layoff announcements with increased insider risk – or correlate low financial scores with smaller cybersecurity investments. This kind of contextual analysis will enable organizations to more proactively anticipate and address threats.
There’s more to third-party risk management than cybersecurity assessments, and TPRM can benefit several teams outside of IT security. For example, according to the EY Global TPRM Survey 2019–20, 26% of respondents indicated that procurement has primary ownership over third-party risk management.
Here are a few of the roles that stand to benefit from third-party risk management in 2021:
The right TPRM solution can bring these teams together by providing a central place for building and managing vendor profiles; accessing correlated cyber, business and financial risk intelligence; and collaborating with vendors on reducing risk at every stage.
Stay tuned for four more predictions coming next week. In the meantime, get a leg up on your 2021 TPRM plan with our best practices guide, Five Steps to Proactive Third-Party Risk Management, or assess your program using our online risk assessment calculator.