This is the fifth year that the Shared Assessments Program and Protiviti have partnered in researching the maturity of Vendor Risk Management (VRM) programs. The research, which looks at organizations’ maturity of vendor risk management, provides helpful benchmarks to evaluate third party risk management programs against a comprehensive set of best practices.
Our research shows that increasing pressures in the risk and regulatory environments continue to pose severe challenges to third VRM programs. In addition, Despite increased regulatory scrutiny at a global, national and state level, growing cyber threats and a riskier business environment, the overall maturity level of VRM programs has neither increased or decreased over the past 12 months. At the same time, our findings also point to a number of effective and cost-efficient approaches to get off this treadmill and achieve more substantial VRM progress.
Our key 2019 report findings include:
"A company's reputation established and nurtured for 100 years can suffer severe and lasting damage following just one high-profile cyber attack. As a result, it can be difficult for boards to feel fully confident in how they are monitoring cybersecurity risk, both within the organization and especially among vendors."
- Scott Laliberte, Managing Director - Security and Privacy Practice Global Leader, Protiviti
Listen to our on-demand webinar where we discuss the survey results and provide insights into what organizations are doing to protect themselves from third party vendor risk.