In the spring of 2020, we surveyed over 150 third-party risk practitioners to gain a better understanding of how organizations are operating their third-party risk management (TPRM) programs, the challenges those programs are facing, and the strategies TPRM programs are using to manage third-party risk.
We hope that you find this study helpful in your work to hold vendors accountable for managing third-party cyber risk well, because you can outsource your systems and services, but you cannot outsource your risk.
Here are some highlights from the report:
- 81% of respondents claimed that 3/4 of their vendors pass their security questionnaires
- In contrast, only 14% of those surveyed trust that third parties' security actually matches the responses from their questionnaires
- 31% of respondents stated that they have vendors they considered to be a material risk in the event of a data breach
- The typical ratio of vendors to staff reported by TPRM programs is 50:1 (vendors:staff)