Over half of firms have faced a third-party risk incident during pandemic

More than half of firms have faced one or more third-party risk incidents whilst responding to the COVID-19 pandemic, some 13% of which were considered ‘high impact’ – severely compromising financial performance and profitability, customer service and, in some instances, putting organisations in breach of regulations.

This is among the findings of a study carried out by Deloitte, which also found that, one year on from the start of the pandemic, half of firms remain in ‘respond’ mode in dealing with the impact of COVID-19, leaving many vulnerable to further third party failure. Some 27% of organisations that had not adequately invested in third party risk management prior to the pandemic faced a high impact incident over this time, compared with just 2% of those that had.

Commenting on the findings, Kristian Park, extended enterprise risk management partner at Deloitte said: “As businesses have shifted to more digital ways of working, new technologies and the continued need to both reduce costs and access specialist skills has bred a new set of risks when it comes to third party oversight. Whilst many organisations have long-established third party risk management programmes in place, the COVID-19 pandemic has highlighted unforeseen gaps, making many vulnerable to failures caused by third parties - for which the organisations are, ultimately, responsible. As a high proportion of respondents remain in ‘respond’ mode to the pandemic, it suggests many underestimated their preparedness to deal with such an event.

“One area in particular that most organisations identified as a priority was digital risk. With many workforces moving to remote locations, some for the first time, this has opened up greater opportunities to fall victim to cyber crime. Many organisations won’t have considered the security policies and guidelines that a remote workforce – and, by extension, third parties – required until now.”

As workforces also shifted en masse to remote locations, 71% of organisations now identify digital risk as their top priority area. Despite this, 42% shared concerns over inadequate cyber security investment, topping the list of all emerging risk domains. However, over the course of the pandemic, organisations have accelerated their investment in technology to gain competitive advantage as they emerge from the pandemic and look towards recovery. Almost half of respondents are now updating their due diligence and monitoring processes using their tech investments to make them ‘intelligence led’ and in real-time, compared with a third last year.

“…we know that crises tend to reinforce the need to invest in good risk management. Much like we saw during the aftermath of the 2007-8 financial crisis, COVID-19 is likely to have a similar effect on future risk procedures,” Park added.

Deloitte’s survey was conducted between December 2020 and January 2021 among 1,170 risk professionals, across 30 countries, reflecting the views of people accountable for third party risk management activities across the consumer, energy resources and industrials, financial services, life sciences and healthcare, government and TMT sectors.
