Gaining visibility into these relationships and their potential weaknesses can be challenging, particularly for large, complex organizations. Consider a company that is aggressively acquiring new entities. If the sales team has a mandate to move fast, operations, controllers, third-party risk management and IT may struggle to keep up with vendor risk management for the stream of new vendors and subcontractors. Far too often, assessments of third- and Nth-party risk are ad hoc, incomplete or non-existent.
Responding to PwC’s 2022 Global Digital Trust Survey, 75% of executives reported their organizations are overly complex, leading to “concerning” cyber and privacy risks. Our survey also found that many organizations have a blind spot arising from third parties and the supply chain. Only 31% said their understanding of Nth-party risk was based on formal enterprise-wide assessments. The remainder had a limited, ad hoc understanding or none at all. The organizations with industry-leading cybersecurity outcomes, however, often have a strong understanding of cyber and privacy risks from third parties.