Welcome to the second study examining perceptions and practices in third‑party risk management (TPRM). It’s been a while since the last edition, which was conducted in the middle of a global pandemic in 2020. Business and technology paradigms have shifted since then, and it’s high time we examined how TPRM programs have evolved with them.
One paradigm shift that’s particularly relevant is the eroding barrier between “us” and “them” when it comes to managing cyber risk. The Security and Exchange Commission’s (SEC) recent ruling is a perfect example, concluding that investors see no difference between a breach occurring in first vs. third‑party systems when assessing the materiality of an cyber event.
It’s not surprising, then, that our findings demonstrate TPRM has grown in strategic priority and scope. The stakes are higher too; supply chains are expanding and third‑party breaches are much more common. But we also see evidence that TPRM teams are rising to meet the challenge. Ready to join them in that endeavor? Great—let’s get started!