Significant Percentage of Organizations are Drastically Unprepared to Address Supply Chain Disruptions

Prevalent and Shared Assessments Study Reveals Extreme Lack of Confidence and Dissatisfaction in Programs and Tools to Manage Third Parties
April 08, 2020
Blog third rail study april 2020 4

PHOENIX — April 8, 2020 – Prevalent, Inc., the company that transforms how you manage third-party risk, and Shared Assessments, the member-driven leader in third-party risk assurance, today announced a new report, Third-Party Risk: The 3rd Rail of Security & Compliance, which provides deep insights into current trends, challenges and initiatives impacting third-party risk practitioners. The findings clearly illustrate that many companies are not dedicating proper resources to assess third-party risks, and those that are still lack confidence in their programs. As a result, there are real consequences including loss of revenue, loss of productivity, and loss of reputation – all of which can jeopardize resiliency and are amplified given today’s supply chain concerns related to COVID-19.

“Organizations are starting to ask the question about what happens to them if their supply chain partners go out of business. Sadly, most companies don’t have the risk visibility into their supply chains to answer that question,” stated Brenda Ferraro, vice president of third-party risk at Prevalent, Inc. “How can they expect to adequately manage their own risk without understanding the risks vendors and partners pose?”

Key findings include:

  • Lack of confidence in the program inhibits results: 54% of organizations have some meaningful experience in conducting third-party risk assessments, yet only 10% are extremely confident in their programs.
  • Significant consequences: 76% of respondents said that they experienced one or more issues that impacted vendor performance – resulting in a loss of productivity (39%), monetary damages (28%) and a loss of reputation (25%).
  • Unsatisfactory number of assessments: 66% of respondents say they should be assessing more than three-fourths of their top tier vendors but aren’t doing so.
  • Costs, resources and lack of process are inhibitors to success: Lack of resources (74%), cost (39%) and insufficient processes (32%) are keeping respondents from assessing all their top-tier vendors.
  • No one seems happy with their existing toolset: Satisfaction levels among existing tools hovers in the 50% range, and weighted average of satisfaction caps out at 3.8/5.0. GRC tools have an especially long way to go with a 41% satisfaction rate.

Growing and maturing an adaptable and agile third-party risk management program that is resilient in times of crisis doesn’t have to be a complex and time-consuming process. The report concludes with five recommendations to jump start vendor risk activities:

  • Develop a Programmatic Process
  • Build a Cross-Functional Team That Extends Beyond Risk and Compliance
  • Be Comprehensive Without Being Complex
  • Maintain Options for Assessment Collection and Analysis for Agility
  • Complement Your Decision-Making with Risk-Based Intelligence

Read the complete report, including expanded conclusions. View and download an infographic highlighting key findings from the report.

To assess your organization’s and your vendors’ business resilience processes, download Prevalent’s free business resilience questionnaire.

About Prevalent

Prevalent helps enterprises manage risk in third-party business relationships. The company delivers the industry’s only purpose-built, unified platform that integrates a powerful combination of automated assessments, continuous monitoring, and evidence sharing for collaboration between enterprises and vendors. No other product on the market combines all three components, providing the best solution for a highly functioning, effective third-party risk program. To learn more, please visit

Media Contact

Angelique Faul