With growing complexity in supply chains, many organisations are facing challenges in meeting diverse stakeholder needs, covering extensive vendor ecosystems, and addressing risk across the third-party lifecycle. Despite increased attention on TPRM, many organisations struggle to balance depth and breadth in risk coverage, particularly given the growing complexity of supply chains.
A recent study by Prevalent, who are specialist providers of third-party risk management software to support organisations to unify vendor management, assessment and monitoring states that there is a sharp and marked rise in the number of TPRM programs managing larger vendor portfolios. Compared to previous years, the number of programs managing more than 250 vendors has nearly doubled. This expansion poses significant challenges in maintaining effective oversight. Furthermore, 89% of TPRM programs are now assessing non-cyber risks, emphasising the growing importance of a holistic approach that includes financial health, regulatory compliance, and ESG risks alongside traditional cybersecurity concerns. This reflects the interconnected nature of modern risks, where breaches can lead to operational, legal, and reputational consequences.
Cybersecurity remains a top concern. The latest high-profile breach saw cloud provider Snowflake breached. As a result, more than 530,000 customers of both Santander Bank and Ticketmaster had their data leaked. There is an overwhelming concern that third-party providers are a backdoor to your data.
A quarter of organisations experience security incidents involving third parties. This trend underscores the need for robust vendor due diligence and continuous monitoring, as the impact of third-party breaches is now often viewed on par with first-party breaches. Additionally, almost 70% of firms now have more than 50 vendors in their TPRM programs, highlighting the expanding nature of third-party ecosystems. However, managing these complex vendor networks has proven difficult, with only 39% of respondents rating their company’s risk mitigation efforts as highly effective.
Another major shift is the growing importance of Environmental, Social, and Governance (ESG) risks, with 56% of TPRM leaders citing greater organisational focus on these areas. As regulations evolve and stakeholder expectations increase, companies are increasingly required to consider a broader range of risks beyond cyber, such as geopolitical tensions and ESG disclosures, which can directly impact vendor relationships.
Moreover, investment in TPRM is increasing. Around 90% of organisations recognise the ROI of TPRM initiatives, and many plan to boost spending on resources and technology to improve their programs maturity. Despite these investments, less than one-third of organizations have implemented highly coordinated TPRM strategies, suggesting significant room for improvement.
Looking forward, a key opportunity for TPRM programs will be enhancing their methodologies, as 63% of leaders plan to revisit and refresh their approaches. Leveraging managed service providers for TPRM is also expected to rise, with 44% of organisations planning to do so within the next two years. As the TPRM landscape evolves, these trends indicate a growing recognition of third-party risk as a critical area for investment, improvement, and strategic focus.
Sources:
- Prevalent 2024 Third-Party Risk Management Study
- RiskRecon 2024 Third-Party Risk Report
- Secureframe 2024 TPRM Statistics and Trends
Information Links:
- Third-Party risk management solution – Third-Party Risk Management – Brookcourt Solutions
- For more information about our risk management and assurance services including access to in-house consulting services – Risk Management Assurance & Advisory – Brookcourt Solutions
- Talk to the team: Contact – Brookcourt Solutions
