According to an April 2020 Gartner survey of 145 legal and compliance leaders over half of respondents-- specifically 52%-- believe cybersecurity and data breach is the most increased 3rd party risk their organisations face.
“Remote working has been hastily adopted by suppliers to keep their business running, so it’s unlikely every organisation or employee is following best practices,” the analyst says. “Legal and compliance leaders are concerned about the new risks this highly disruptive environment has created for their organisations.”
Gartner continues by saying legal and compliance leaders need act sooner, not later, to mitigate 3rd party risk while enabling supply chain partners to flex to the current pressures on the systems. To do so, they need to manage the contractual risks and opportunities of current relationships, mitigate emerging issues and streamline due diligence for new 3rd parties. In addition, legal and compliance leaders should look at other ways to reduce the compliance burden on 3rd parties.
The survey does note an opportunity in security, as the survey respondents need to review 3rd party compliance activities, including 3rd party work from home policies, as well as privacy and security training plans. Contracts need to include clauses to mitigate security and data privacy risks (such as clauses on VPN and data use), and reduce the compliance burden on suppliers by entering temporary "workaround agreements," amending contracts to maintain services in remote environments. Supplier audits should be postponed to later in the year, and payment structures modified for suppliers in need to boost cash flow.
