Third-party risk management programs still largely a checkbox exercise
2021-02-24 05:30

Enterprise third-party risk management programs have been around for a half-decade or longer, and at this point most large organizations run one.

Many of these TPRM programs only provide a thin veneer of cybersecurity assurance.

So TPRM programs are nominally jumping through hoops to ask vendors about or observe their security controls.

Some of these programs are just getting underway, but many have been established for some time and the average age of these programs is now five to six years.

Obviously, these investments in TPRM programs are not being fully realized through effective risk reduction, so what gives? The survey results indicate that this may be a classic checkbox compliance scenario.

While most TPRM programs are struggling to conduct reliable, actionable assessments at scale, the majority of organizations at least have some infrastructure in play that they can improve upon.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/yQWWpbNoJj0/