Third Party Risk Management

Natural disasters, cyberattacks, data breaches, supply chain disruptions: just a few of the sudden shocks that can stun your company’s vendors and leave you struggling with unhappy customers and stakeholders.
Is your company's reputation in someone else's hands?

Playback of this video is not currently available

Disruptive events like these have become more frequent, their consequences more costly. In fact, a survey by the Ponemon Institute found that more than 41% of surveyed companies sustained a data breach caused by a third party. And the consequent loss of brand value typically ranged from $184 million to more than $330 million.

Indisputably, there are benefits to outsourcing – from lower costs to heightened efficiency and a sharpened focus on core business objectives. But if vendors lack strong safeguards and controls, your company is exposed to fiscal, operational, regulatory and reputational risk.

The damage can be major. Case in point: A 2012 data breach at a large merchant processor cost a company more than $84 million and precipitated its removal from the global registry of a major card issuer.

But how do you identify which risks are most critical?

Pinpointing third party risks

An effective third party risk management (TPRM) program will make your business safer and more secure. You’ll be able to identify and monitor current and future vendor risks while improving transparency in controls and related activities.

PwC’s comprehensive TPRM framework addresses strategy, structure, people, process and technology issues across the TPRM lifecycle, helping you:

  • Assess your current environment.
  • Increase the efficiency and effectiveness of vendor-related risk management.
  • Develop a customized TPRM framework.
  • Develop a risk stratification protocol to highlight risks by vendor.
  • Implement and conduct effective TPRM activities, such as vendor assessments.
  • Establish a comprehensive TPRM governance and reporting process.

Our TPRM team understands vendor risk. We’ve seen what can happen. We’ve helped clients prevent or recover from third-related disruptions. And we’re ready to help you implement a TPRM program that will strengthen your position and build more effective partnerships that protect your brand – and your business.

When you outsource operations, risk and compliance remain your responsibility. Don’t be blindsided by a third party’s inadequacies. Start the discussion today on how to protect your company.

Contact us

Dean Spitzer
Director - Cybersecurity and Third Party Risk
Tel: +1 (585) 231 6145

Follow us