Study Shows Security Gaps In Vendor Risk Management

With cyberattacks and data security threats looming at insecure access points, organizations must make improvements to their risk management programs in order to keep pace with the latest risks and challenges, according to the “2015 Vendor Risk Management Benchmark Study.”

The study, released yesterday (July 8) by the Shared Assessments Program and Protiviti, examines the maturity of organizations’ current vendor risk management programs. Overall, it finds that despite extensive industry standards and regulations, companies are failing to meet mature vendor risk management guidelines and are not investing in the necessary resources to meet best practices.

“The increasing frequency and magnitude of cybersecurity breaches, along with recent and forthcoming regulatory actions, make it imperative that vendor risk management programs make a significant leap forward. This change requires fundamental alterations to strategies, processes and organizational culture,” said Rocco Grillo, a managing director with Protiviti and the firm’s global leader for incident response and forensic investigations. “The good news is that there is greater demand for building more robust vendor risk management programs. This issue is more frequently a part of the agenda for boards of directors, who are regularly seeking assurance from management that the appropriate steps are being taken to combat vendor risk.”

The study examined information from more than 450 C-suite executives and risk management and audit professionals, who rated their organizations using the Vendor Risk Management Maturity Model (VRMMM), a benchmarking tool. On Protiviti’s website, you can download the report and benchmark your company to see how it compares with others. You can also listen to a podcast on how to raise your company’s VRM maturity level.

The study outlines that deeper changes in organizational culture and individual behavior are needed, especially for financial institutions striving to satisfy the U.S. “Getting to Strong” regulatory mantra. Compared to others, financial services firms continue to rank ahead, most notably in three areas: Program Governance; Vendor Risk Identification and Analysis; and Communication and Information Sharing. Meanwhile, the insurance and health care industries, which have very sensitive data to protect, continue to lag behind financial institutions in fortifying their vendor risk management capabilities.

“The study clearly indicates, across industries and leadership roles, that much work needs to be done,” said Gary S. Roboff, senior advisor with Shared Assessments. “Organizations are asking for more resources and effective, efficient strategies to manage third-party risks, and this research tells us that the C-suite is aware of the need for continued vendor risk management improvement.”
