Over half of firms have faced a third-party risk incident during pandemic

More than half of firms have faced one or more third-party risk incidents whilst responding to the COVID-19 pandemic, some 13% of which were considered ‘high impact’ – severely compromising financial performance and profitability, customer service and, in some instances, putting organisations in breach of regulations.

This is the among the findings of a study carried out by Deloitte, which also found that, one year on from the start of the pandemic, half of firms remain in ‘respond’ mode in dealing with the impact of COVID-19, leaving many vulnerable to further third party failure. Some 27% of organisations that had not adequately invested in third party risk management prior to the pandemic faced a high impact incident over this time, compared with just 2% of those that had.

Commenting on the findings, Kristian Park, extended enterprise risk management partner at Deloitte said: “As businesses have shifted to more digital ways of working, new technologies and the continued need to both reduce costs and access specialist skills has bred a new set of risks when it comes to third party oversight. Whilst many organisations have long-established third party risk management programmes in place, the COVID-19 pandemic has highlighted unforeseen gaps, making many vulnerable to failures caused by third parties - for which the organisations are, ultimately, responsible. As a high proportion of respondents remain in ‘respond’ mode to the pandemic, it suggests many underestimated their preparedness to deal with such an event.

“One area in particular that most organisations identified as a priority was digital risk. With many workforces moving to remote locations, some for the first time, this has opened up greater opportunities to fall victim to cyber crime. Many organisations won’t have considered the security policies and guidelines that a remote workforce – and, by extension, third parties – required until now.”

As workforces also shifted en masse to remote locations, 71% of organisations now identify digital risk as their top priority area. Despite this, 42% shared concerns over inadequate cyber security investment, topping the list of all emerging risk domains. However, over the course the pandemic, organisations have accelerated their investment in technology to gain competitive advantage as they emerge from the pandemic and look towards recovery. Almost half of respondents are now updating their due diligence and monitoring processes using their tech investments to make them ‘intelligence led’ and in real-time, compared with a third last year.

“…we know that crises tend to reinforce the need to invest in good risk management. Much like we saw during the aftermath of the 2007-8 financial crisis, COVID-19 is likely to have a similar effect on future risk procedures,” Park added.

Deloitte’s survey was conducted between December 2020 and January 2021 among 1,170 risk professionals, across 30 countries, reflecting the views of people accountable for third party risk management activities across the consumer, energy resources and industrials, financial services, life sciences and healthcare, government and TMT sectors.

    Share Story:

Recent Stories


Financial institutions were early adopters of cyber security and insurance. Are they still on top of the game?
Managing huge amounts of sensitive data online makes financial institutions a prime target for hackers. As such, the sector was an early cohort for insurers in creating cyber cover. Since then, the market has evolved almost beyond recognition. It continues to challenge itself to this day, complying with rigorous regulatory demands and implementing avant-garde enhancements to keep abreast of the ever-changing risks. Published June 2021

Manufacturing: An industry at risk amid great technological change
Of the many sectors of business, manufacturing companies are among the most at risk from cyber threats. How has the sector evolved to make it so vulnerable and what does the task of managing cyber exposure in a manufacturing company look like? CIR’s latest podcast with Tokio Marine HCC sought to answer all these questions and more. Published April 2021

Advertisement