As a former hockey mom, I assure you that there is nothing quite as pungent as a travel-team hockey bag. Adolescent sweat, steamy equipment, and skates with remnants of ice all shoved into a giant bag with no ventilation make for a breeding ground for fungus and bacteria. But ask any player, coach, or hockey parent, and they’ll tell you that they hardly notice the stench. Why? Anosmia. Anosmia, commonly known as smell blindness, occurs when prolonged exposure to a particular scent or odor, such as hockey-related smells, impairs your ability to detect it. Similarly, operating in a sustained environment of risk overdrive has impaired risk professionals’ ability to detect the stench of urgency emanating from third-party risk.

In my new report, The State Of Third-Party Risk Management, 2024, we surveyed enterprise risk management decision-makers in North America, Europe, and Asia Pacific across industries to understand how third-party risk priorities, perceptions, and practices are changing in response to current trends. Here’s what you need to know to shake the smell blindness.

Wake Up And Smell The TPRM Urgency

Third-party risk management (TPRM) is not keeping up with business reality. As organizations expand their ecosystem of third-party relationships, so must they evolve their strategies to mitigate the risks arising from the interconnectedness of these relationships. And yet even as third-party breaches and vulnerabilities were the top cause of breaches in 2023, concern for third-party risk has plummeted by over 12 percentage points to just 8%, a striking contrast to the 44% and 37% of survey respondents that identified data privacy risk and information security risk, respectively, as a top concern. One reason why prioritization of third-party risk ranked so low is that approximately one-third of respondents (32%) told us that, while third-party risk is considered important, other risk areas are a higher priority.

TPRM Maturity Tackles Bad Odors At The Source

Third-party risk is a difficult problem to solve because responsibility is shared across the organization: ownership of the process, risk, relationship, and consequences is spread across multiple teams and functions. Not only do all these “owners” need to align on a common process, but they also need to share insights and risk information for a holistic approach. Additionally, organizations across regions, sectors, and industries struggle with common challenges such as too many third parties and not enough time, too few resources, and competing priorities. There is cause for hope, however! TPRM maturity is a critical factor for overcoming common third-party risk challenges: it decreases manual and ad hoc efforts, increases dedicated ownership, and improves the assessment backlog (see figure below).

 

Read the full report for strategies and insights on how security and risk pros can bring a fresh and clean perspective to the putrid problem of TPRM. Also, schedule an inquiry or guidance session with me for further insights or to discuss your TPRM program.