As third-party needs sprawl, so do risk management investments

From a new focus on ESG to a renewed need for cybersecurity, third-party and vendor risk management solutions have become a priority

Jason Koestenblatt
Team Lead, Content Marketing
January 4, 2023


It’s no secret: in a post-pandemic digital landscape, businesses across the globe have created more dependencies by working with third parties and vendors. In doing so, each organization involved has opened innumerable threat vectors, which can be easily exploited if not for investments in third-party and vendor risk management solutions.

The future of third-party risk

Just 28% of organizations continuously monitor third parties throughout engagement lifecycles, and only 16% of organizations say they effectively manage third-party risks, according to the Gartner® Third-Party Risk Management Governance and Technology Investments report.

Third-party and vendor-related issues aren’t just the responsibility of the risk teams; rather, they are the responsibility of all parts of the business that may have some dealings – even tangentially – with those suppliers. Chief compliance and ethics officers also need to be fully aware of the risks and threats posed by these relationships. As a result, 58% of supply chain organizations have increased their technology budgets to manage critical supply chain risks, Gartner reported.

ESG steers the conversation

The elevated focus on environmental, social, and governance (ESG) initiatives has created a new avenue for third-party risk management activities and application investments. Because of this, organizations need to rethink their due diligence requirements to encompass ESG-related criteria and perform greater scrutiny of third-party practices. 

Nearly 30% of TPRM vendors are enhancing their solutions in response to the global momentum for ESG by currently supporting ESG-related third-party risks, according to Gartner.

Learn more about Third-Party Risk Management Governance and Technology Investments and what the market could look like through 2025 by downloading this report. 

The spiderweb of how these initiatives are interwoven will continue to sprawl – and quickly – as vendor risk programs incorporate ESG demands into their IT decision-making. By 2024, 75% of vendor risk management programs are expected to track the ESG initiatives of the vendors they work with, Gartner reported.

Couple that with the fact that 60% of organizations are expected to use cybersecurity risk as a significant determinant in conducting third-party transactions and business engagements by 2025, and it’s clear that additional time, money, and resources will be needed to assess, track, and measure these actions. 

Defining risk use cases

What’s your organization’s risk use case? It’ll vary from industry to industry, and even from company to company within the same industry. However, fully understanding your own organization’s risk management workflow and the relevant risk domains will establish a baseline for the actual problem you’re trying to solve.

Next, identify the right IT vendor risk management solution by shortlisting vendors that service your industry, business size, maturity and geography. Evaluate the capabilities of these vendors against your use cases to make a purchasing decision.

Most organizations’ IT VRM solutions consist of a GRC/VRM tool that provides workflow management and a system of record, and then integrates data and insight subscriptions to confront the risk domains relevant to meeting their legal and regulatory obligations.

Learn more about IT Vendor Risk Management Solutions and how they can help your business by downloading this report. To find out more about OneTrust and how it can help your business accomplish its goals and objectives in vendor risk management, request a free demo here.  

Gartner, Third-Party Risk Management Governance and Technology Investments: A Gartner Trend Insight Report, Ipshita Soni, Koray Kose, Nicholas Sworek, February 10, 2022 

Gartner, Market Guide: IT Vendor Risk Management Solutions, Luke Ellery, Edward Weinstein, Joanne Spencer, September 29, 2022 

Gartner® is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. 
