Navigating the New Normal: 5 Takeaways From Our Risk Trends Report

As the digital landscape evolves and organizational ecosystems expand, third-party risk management (TPRM) is central to strong GRC and security programs.

With a significant rise in supply chain attacks—surpassing the damage done by malware by over 40% in 2022 alone—it's clear that the risks associated with third-party engagements are escalating in frequency and severity. This area of concern will only increase as organizations continue to deploy third-party tools to power their businesses but fail to implement the proper safeguards to manage those tools.

To better understand the TPRM strategies of today's enterprises, we surveyed 300 U.S. GRC, IT, and security professionals for their sentiments on the priorities, challenges, and opportunities within third-party risk management (TPRM). Below are the top insights from our survey, and you can download the full Risk Trends Report here.

5 Key Insights on Managing Third-Party Risk

Here are the top five takeaways from the report that outline the current and future state of third-party risk management:

1. Third Party Risk Management Program Challenges

A majority of companies (83%) report negative consequences resulting from their current third party risk management processes or lack thereof. This statistic underscores the need for a more structured and practical approach to third-party risk management.

2. Time and Resource Investment

An eye-opening 69% of enterprise companies spend over 1000 hours annually on managing risk, emphasizing the heavy resource allocation businesses are dedicating to risk management practices.

3. Visibility Crisis 

A staggering 80% of businesses admit to a concerning lack of visibility into their third-parties' security posture. This gap in visibility is compounded by the fact that nearly half (47%) of those with resources for thorough third-party screening still feel they need more transparency.

4. Automation and Continuous Monitoring 

Security professionals prefer continuous, automated monitoring, with 65% favoring monthly or even real-time compliance checks. However, the current state of third party risk management processes often lacks the necessary automation, calling for a shift toward more proactive risk management.

5. Proactive Strategy and Optimism

There is a clear trend towards integrated risk management with 64% prioritizing this approach to achieve complete visibility into third and fourth-party risk exposure. Businesses are recognizing the need to shorten the time between review periods, ideally to a quarterly basis.

The report paints a picture of an industry at a crossroads, with companies grappling with the complexities of TPRM in a world where cyber threats are becoming increasingly sophisticated.

Yet, there is a sense of emerging optimism as organizations pivot towards proactive strategies that leverage technology and automation to enhance visibility and response times.

The insights from our Risk Trends Report serve as a wake-up call for businesses to reassess their third-party risk management frameworks, invest in the right tools and processes, and embrace a forward-looking posture that prioritizes continuous improvement and agility in the face of evolving risks. To learn more about Drata's TPRM solution, schedule a demo with our team.