Skip to main content
The Actuary: The magazine of the Institute and Faculty of Actuaries - return to the homepage Logo of The Actuary website
  • Search
  • Visit The Actuary Magazine on Facebook
  • Visit The Actuary Magazine on LinkedIn
  • Visit @TheActuaryMag on Twitter
Visit the website of the Institute and Faculty of Actuaries Logo of the Institute and Faculty of Actuaries

Main navigation

  • News
  • Features
    • General Features
    • Interviews
    • Students
    • Opinion
  • Topics
  • Knowledge
    • Business Skills
    • Careers
    • Events
    • Predictions by The Actuary
    • Whitepapers
    • Moody's - Climate Risk Insurers series
    • Webinars
    • Podcasts
  • Jobs
  • IFoA
    • CEO Comment
    • IFoA News
    • People & Social News
    • President Comment
  • Archive
Quick links:
  • Home
  • The Actuary Issues
  • March 2017
03

Lack of third-party risk management leaving businesses vulnerable

Open-access content Monday 20th March 2017 — updated 5.50pm, Wednesday 29th April 2020

Nearly half of organisations across industries such as financial services and healthcare do not have a dedicated third-party risk management function, according to a report from MetricStream.

Nearly half of organisations across industries such as financial services and healthcare do not have a dedicated third-party risk management function, according to a report from MetricStream.
Businesses vulnerable without "vital" risk management ©iStock


This is despite 21% of companies believing they have faced significant risk due to third parties over the last 18 months, and 25% of those who shared financial impact data revealing losses of over £8m.

These costs were generated through a period of downtime, regulatory fines, and reputational damage, with firms that outsource processes and services exposing themselves to a plethora of threats.

MetricStream chief evangelist, French Caldwell, said: "It's clear that many enterprises are yet to grasp fully how vital risk management is, but businesses can no longer plead ignorance. They are responsible for the actions of their third parties and they will bear the brunt of any fallout.

"For example, if a business shares sensitive data with a third-party without checking if it has relevant cybersecurity, and that supplier suffers a data breach, under some rules the company could be liable.

"Not only will it suffer reputational damage, but new regulations such as the EU General Data Protection Regulation could see large fines imposed too."

The research involved a global survey of 40 organisations across 15 industries, including financial services, retail, healthcare, pharmaceuticals, and insurance.

Nearly three-quarters of respondents admitted that they did not track fourth parties in any capacity, meaning they have no visibility past their immediate suppliers.

Caldwell said that as enterprises rapidly adopt Cloud services, entities that would have been third parties when services were managed in-house, become fourth parties, which are more difficult to monitor.

The findings from the survey also reveal that 48% of businesses still use office productivity software, suggesting an immaturity of the function.

"Companies must become more vigilant. That means monitoring the entire supplier and IT services ecosystem more frequently, and, based on associated levels of risk, establishing dedicated third-party risk functions and accountability with GRC technology that enables informed decisions," Caldwell added.


Sign up to our free newsletter here and receive a weekly roundup of news concerning the actuarial profession

This article appeared in our March 2017 issue of The Actuary.
Click here to view this issue
Filed in
03

You might also like...

Share
  • Twitter
  • Facebook
  • Linked in
  • Mail
  • Print

Latest Jobs

Origination Analyst (Pensions to life)

London, England
£50000 - £80000 per annum + generous bonus + benefits
Reference
145979

Senior Pensions Data Specialist (Nationwide)

England / London, England / Greater Manchester, England, Manchester
£45000 - £80000 per annum + dependent on entry level & bonus
Reference
145978

DC Investment Associate/Consultant

England, London / Scotland / England
£45000 - £80000 per annum + generous bonus + benefits
Reference
145977
See all jobs »
 
 

Today's top reads

 
 

Sign up to our newsletter

News, jobs and updates

Sign up

Subscribe to The Actuary

Receive the print edition straight to your door

Subscribe
Spread-iPad-slantB-june.png

Topics

  • Data Science
  • Investment
  • Risk & ERM
  • Pensions
  • Environment
  • Soft skills
  • General Insurance
  • Regulation Standards
  • Health care
  • Technology
  • Reinsurance
  • Global
  • Life insurance
​
FOLLOW US
The Actuary on LinkedIn
@TheActuaryMag on Twitter
Facebook: The Actuary Magazine
CONTACT US
The Actuary
Tel: (+44) 020 7880 6200
​

IFoA

About IFoA
Become an actuary
IFoA Events
About membership

Information

Privacy Policy
Terms & Conditions
Cookie Policy
Think Green

Get in touch

Contact us
Advertise with us
Subscribe to The Actuary Magazine
Contribute

The Actuary Jobs

Actuarial job search
Pensions jobs
General insurance jobs
Solvency II jobs

© 2023 The Actuary. The Actuary is published on behalf of the Institute and Faculty of Actuaries by Redactive Publishing Limited. All rights reserved. Reproduction of any part is not allowed without written permission.

Redactive Media Group Ltd, 71-75 Shelton Street, London WC2H 9JQ