All industries are seeing improvements in managing their vendor and third-party risks, according to a new study. What has caused this upswing?
One of the key findings of the latest Vendor Risk Management Benchmark Study is a clear correlation between boards with high engagement in and understanding of cybersecurity risks and higher process maturity levels. On a 5-point scale, those boards were 1.6 points ahead of those that reported low board engagement.
But while boards are becoming more engaged, this is less the case for vendors – the study found a noticeable difference between the high engagement levels of boards and those of the organization’s vendors regarding cybersecurity risks.
There are still areas where organizations need work, though: while more areas were reported to be at or near “Fully defined and established,” few could claim the levels of “Fully implemented and operational” or “Continuous improvement.”
Overall VRM Maturity by Area (out of 5.0):
- Program Governance – 3.0
- Policies, Standards and Procedures – 3.1
- Contracts – 3.1
- Vendor Risk Identification and Analysis – 2.0
- Skills and Expertise – 2.7
- Communication and Information Sharing – 2.9
- Tools, Measurement and Analysis – 2.8
- Monitoring and Review – 3.0
For more on the state of vendor and supply chain risks, register for DRI’s next free webinar on Mar. 15 at 2:00 p.m. EDT: “Moving Beyond Firm Boundaries: Is Resilience Enhanced By Supply Chain Continuity Programs?”, sponsored by MetricStream. Dr. Arash Azadegan, Associate Professor at Rutgers Business School and Director of Supply Chain Disruption Research Laboratory (SCDrl), will explore conceptual and practical developments on global supply chain risk, supply chain resilience, and the application of business continuity beyond organizational boundaries. Got questions? Submit them to Dr. Azadegan when you register!