Prevalent 2024 Annual TPRM Study Summary.


The 2024 Prevalent Third-Party Risk Management Study reveals concerning trends in organizational security, particularly regarding third-party risks. The study highlights five key findings:


1. Widespread Third-Party Breaches

A staggering 61% of companies have experienced breaches through third parties, highlighting the critical need for improved security measures. Notable victims include MOVEit, Okta, LastPass, and several other major organizations.


2. Inadequate Risk Management Tools

While most organizations have TPRM programs, 50% still rely on spreadsheets for vendor assessment. Security rating services have seen increased adoption, but organizations often lack comprehensive tool integration for risk management.


3. Resource Constraints

Organizations manage only about 33% of their third-party relationships, primarily due to understaffing. The study found that 37% of companies have just 1-4 people handling third-party assessments but need 5-9. Lack of resources was cited as the top barrier to TPRM program growth by 63% of respondents.


4. Poor Risk Remediation

While 85-87% of companies track risks throughout the vendor lifecycle, there's a significant gap in risk remediation. Only 29% address risks during sourcing and selection, and just 46% remediate risks identified during risk assessments.


5. Emerging Technology Adoption

While only 5% of companies currently use AI in their TPRM programs, 61% are exploring its potential. Common use cases include reporting, questionnaire completion automation, and data consolidation.


Key Recommendations

The study suggests three main actions for improvement:

  1. Establish clear TPRM ownership and cross-functional teams to ensure effective risk remediation
  2. Implement automated TPRM processes with centralized platforms for unified risk management
  3. Address resource gaps through managed services and AI capabilities

These findings emphasize the growing importance of robust third-party risk management and the need for organizations to evolve their approaches beyond traditional methods to address modern security challenges effectively.


Find the full report here: https://www.prevalent.net/blog/2024-third-party-risk-management-study/



© 2021 Vendor Management Office. All rights reserved.