News Feed Item

Loss Impact of Third-Party Risks Can Easily Exceed $10 Million Reveals MetricStream Research

The report, "How Organizations Are Managing Third-Party Risks," surveyed executives in 40+ organizations across 15 industries to identify dominant trends in third-party risk management

PALO ALTO, Calif., March 20, 2017 /PRNewswire/ -- MetricStream Research has released its latest report, "How Organizations Are Managing Third-Party Risks," where approximately one in five respondents indicated that their organization has faced significant risk exposure due to a third party in the last 18 months; of those who shared loss data, 25% said that the loss impact was greater than $10 million. The report is based on a 2016 survey of executives in 40+ organizations, across 15+ industries, including financial services, retail, health care, pharmaceuticals, insurance, manufacturing, and telecom.

As companies outsource their processes or services, they expose themselves to a range of third-party risks, including data security risks, business disruptions, legal liabilities, corruption and bribery risks, and compliance risks – all of which have a major impact on profits and brand value. Fourth-party risk management is also emerging as a key area of focus, with organizations being held responsible not just for the actions of their immediate third parties, but also for the actions of their third parties' vendors and suppliers. Adding further impetus are regulations from authorities such as the Office of the Comptroller of the Currency (OCC) and the Consumer Financial Protection Bureau (CFPB), as well as mandates such as the UK Bribery Act and the Health Insurance Portability and Accountability Act (HIPAA), which stipulate stringent requirements for third-party governance.

To find out how organizations are managing their third-party risks in this regulatory climate, MetricStream surveyed professionals from risk management, compliance, legal, supplier management, audit, IT, and other business functions. The survey covered four primary areas: the responsibility for and ownership of third-party risks; the process of third-party risk assessment; the impact of third-party risk incidents and measures taken to resolve issues; and the role of technology in managing third-party risks.

Below are the key findings from the report:

  • 21% of respondents reported that their organizations faced risk exposure due to third parties in the last 18 months; of those who shared financial impact data on the losses, 25% said that the loss impact was greater than $10 million
  • The top three parameters on which third-party risks are assessed include:
    • Data protection
    • Financial viability
    • Maintaining service level agreements
  • Of the organizations with a dedicated third-party risk management function, 59% indicated that third-party risk management is included within their organizations' broader enterprise risk management function
  • 44% of respondents reported that their organizations don't have a dedicated third-party risk management function or a centralized third-party information repository
  • Nearly half of the respondents (48%) still use office productivity software to manage third-party risks
  • 73% of respondents do not track their fourth parties

Commenting on the survey findings, French Caldwell, Chief Evangelist, MetricStream said, "Increased enforcement from regulators like the US Department of Justice and the UK Serious Fraud Office underscores the importance of third-party risk management. However, as the survey results demonstrate, many organizations still don't have dedicated resources or effective tools to manage their third-party risks. If companies want to build truly beneficial relationships with their vendors or suppliers, they need to be more vigilant – and that means monitoring third parties more frequently based on the associated level of risk, establishing clearly defined roles and processes for third-party governance, and implementing integrated systems that give organizations the risk visibility they need to make informed decisions about their third parties."

To access the MetricStream Research report on third-party risk management, click here.

About MetricStream

MetricStream, the independent market leader in enterprise and cloud applications for Governance, Risk, Compliance (GRC) and Quality Management, makes GRC simple. MetricStream apps improve business performance by strengthening risk management, corporate governance, regulatory compliance, vendor governance, and quality management for hundreds of thousands of users in dozens of industries, including Financial Services, Healthcare, Life Sciences, Energy and Utilities, Food, Retail, CPG, Government, Hi-Tech and Manufacturing. MetricStream is headquartered in Palo Alto, California, with an operations and R&D center in Bangalore, India, and sales and operations support in 12 other cities globally. (www.metricstream.com)

Media Contact:
Molly Palm
US: +1 (925) 451-1468
[email protected]

To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/loss-impact-of-third-party-risks-can-easily-exceed-10-million-reveals-metricstream-research-300425498.html

SOURCE MetricStream

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Cloud Expo, Inc. has announced today that Andi Mann and Aruna Ravichandran have been named Co-Chairs of @DevOpsSummit at Cloud Expo Silicon Valley which will take place Oct. 31-Nov. 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. "DevOps is at the intersection of technology and business-optimizing tools, organizations and processes to bring measurable improvements in productivity and profitability," said Aruna Ravichandran, vice president, DevOps product and solutions marketing...
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous a...
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, will lead you through the exciting evolution of the cloud. He'll look at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering ...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
SYS-CON Events announced today that N3N will exhibit at SYS-CON's @ThingsExpo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. N3N’s solutions increase the effectiveness of operations and control centers, increase the value of IoT investments, and facilitate real-time operational decision making. N3N enables operations teams with a four dimensional digital “big board” that consolidates real-time live video feeds alongside IoT sensor data a...
Gemini is Yahoo’s native and search advertising platform. To ensure the quality of a complex distributed system that spans multiple products and components and across various desktop websites and mobile app and web experiences – both Yahoo owned and operated and third-party syndication (supply), with complex interaction with more than a billion users and numerous advertisers globally (demand) – it becomes imperative to automate a set of end-to-end tests 24x7 to detect bugs and regression. In th...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). According to the survey, a quarter of the respondents have already deployed Docker containers and nearly as many (23 percent) are employing the AWS Lambda serverless computing framework. It’s clear: serverless is here to stay. The adoption does come with some needed changes, within both application development and operations. Tha...
SYS-CON Events announced today that Avere Systems, a leading provider of enterprise storage for the hybrid cloud, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Avere delivers a more modern architectural approach to storage that doesn't require the overprovisioning of storage capacity to achieve performance, overspending on expensive storage media for inactive data or the overbui...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
Companies are harnessing data in ways we once associated with science fiction. Analysts have access to a plethora of visualization and reporting tools, but considering the vast amount of data businesses collect and limitations of CPUs, end users are forced to design their structures and systems with limitations. Until now. As the cloud toolkit to analyze data has evolved, GPUs have stepped in to massively parallel SQL, visualization and machine learning.
We all know that end users experience the Internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices – not doing so will be a path to eventual b...
Digital transformation is changing the face of business. The IDC predicts that enterprises will commit to a massive new scale of digital transformation, to stake out leadership positions in the "digital transformation economy." Accordingly, attendees at the upcoming Cloud Expo | @ThingsExpo at the Santa Clara Convention Center in Santa Clara, CA, Oct 31-Nov 2, will find fresh new content in a new track called Enterprise Cloud & Digital Transformation.
Most technology leaders, contemporary and from the hardware era, are reshaping their businesses to do software. They hope to capture value from emerging technologies such as IoT, SDN, and AI. Ultimately, irrespective of the vertical, it is about deriving value from independent software applications participating in an ecosystem as one comprehensive solution. In his session at @ThingsExpo, Kausik Sridhar, founder and CTO of Pulzze Systems, will discuss how given the magnitude of today's applicati...
Smart cities have the potential to change our lives at so many levels for citizens: less pollution, reduced parking obstacles, better health, education and more energy savings. Real-time data streaming and the Internet of Things (IoT) possess the power to turn this vision into a reality. However, most organizations today are building their data infrastructure to focus solely on addressing immediate business needs vs. a platform capable of quickly adapting emerging technologies to address future ...
The dynamic nature of the cloud means that change is a constant when it comes to modern cloud-based infrastructure. Delivering modern applications to end users, therefore, is a constantly shifting challenge. Delivery automation helps IT Ops teams ensure that apps are providing an optimal end user experience over hybrid-cloud and multi-cloud environments, no matter what the current state of the infrastructure is. To employ a delivery automation strategy that reflects your business rules, making r...