Source (AI-indexed): http://www.pwc.com/us/en/tech-effect/cybersecurity/third-party-relationship-risks.html

TPRM risk: Third Party Tracker: PwC

How to uncover the risks of third-party relationships in your supply chains

Summary

Third-party blind spots can cause threats, including data breaches, ransomware, cloud compromises and privacy violations. Today’s technologies can quickly and accurately give an enterprise a clearer, more expansive view of its third parties. PwC developed Third Party Tracker to help determine which vendors pose the highest risk to an enterprise.   

You can’t manage what you don’t see, and businesses have a large blind spot regarding their third-party partnerships.

Only 40% of business executives in our 2022 Global Digital Trust Insights survey say they thoroughly understand the risk of data breaches through third parties. Nearly a quarter have little or no understanding of all these risks, a major blind spot that cyber attackers are aware of and willing to exploit. And yet, enterprise dependence on third parties is increasing, and the number of breaches these partnerships cause is on the rise. One reason why: third-party risk-management (TPRM) processes are woefully out of date.

Many times, organizations vet their third parties, including contractors and vendors, primarily using surveys, which depend on accurate and honest responses. But how likely is any organization to self-report bad news such as a finding of non-compliance or a data breach?

Businesses depend on surveys and other traditional vetting processes — despite the problems they can create — for various reasons. Perhaps they don’t know how or where to find data that would provide a more accurate picture of third-party risk. Or they may not have the resources to collect information on hundreds, thousands — or hundreds of thousands — of business partners.

Whatever the reason, risks to their organization continue to snowball as these enterprises take on more vendors, suppliers, resellers, and contractors.

[Figure: 60% of organizations have not done a formal assessment of third-party risks. Categories shown: data breaches; privacy violations; cloud risks; IoT/technology vendors; software supply chain risks; Nth party risks. Source: PwC, 2022 Global Digital Trust Insights, October 2021]

The price of TPRM blind spots can extend beyond minor glitches or supply-chain delays to costly, potentially business-crippling threats. These threats include data breaches, ransomware, cloud environment compromises, and privacy violations that could send an enterprise spiraling into non-compliance.

At least one-third of our US survey respondents said that, in the past year alone, they’d experienced significant disruptions due to third parties: software supply chain disruptions (47%), cloud breaches (45%), third-party platform exposures and outages and downtime (41%), or data exfiltration (39%).

All eyes on the data-driven TPRM prize
Regulators are paying close attention to third-party risks, and how companies deal with them. Recent guidance from the US Department of Justice emphasizes the importance of using data to help improve compliance programs. And memos from the Biden administration underscore the federal government’s focus on fighting corruption and improving cybersecurity.

Your third parties’ business practices reflect on your company, too. Investors looking at Environmental, Social, and Governance (ESG) factors will likely want to know that your third parties are operating lawfully and ethically. And to track and report ESG activities, your company must monitor its third-party risks.

Aware of these concerns, PwC and Microsoft sought a solution to the third-party problem using new and emerging technologies: artificial intelligence, automation, and data analytics.

Like the lion’s share of enterprises, Microsoft was primarily using surveys to get information on its vendors — more than 250,000 of them. Keeping tabs on the risks they posed, from onboarding all the way through the end of each contract, proved expensive and time-consuming, not to mention rife with blind spots.

These concerns aren’t limited to any one enterprise or industry: they affect most, if not all. But the support of today’s technologies can quickly and accurately give an enterprise a clearer and more expansive view of its third parties — saving time and money, and improving compliance.

Finding the riskiest needles in the third-party stack
Seeking a better way to vet and monitor third-party relationships, PwC developed Third Party Tracker. This solution mines surveys and internal and external information to help determine which vendors pose the highest risk to your enterprise.

The software uses a risk-scoring methodology with parameters that can be customized for your business. Third Party Tracker analyzes data that helps answer specific questions about each third party, including: Has it had issues in the past, such as data breaches, adverse media reports, or findings of non-compliance? How does it fare with ESG concerns such as sustainability and human rights? In a sense, Third Party Tracker (TPT) can help you begin to understand the trustworthiness of your third parties on matters that are important to your business.

Third Party Tracker also considers individual factors such as the amount of business your enterprise is doing or plans to do with the third party and the level of access it has to your networks and data.

Microsoft used Third Party Tracker to identify the riskiest entities among its channel resellers. By focusing its due-diligence efforts on these high-risk entities — rather than applying them to all 250,000+ — the company saved millions of dollars. Eliminating false-positive alerts saved the company additional time and money.

Strengthening the chain
With a list of high-risk third parties in hand, your company can then determine how to best address each. Are any too risky? You may curtail or even end your dealings with them. Or you may opt for on-site audits, or instill controls to mitigate risks. And you may wish to change how you onboard and assess your third parties.

[Figure: More than half of companies have taken none of the three actions that promise a more lasting impact on their third-party risk management. Response options shown: audited or verified the security posture and compliance of third parties or suppliers; refined our criteria for onboarding and ongoing assessments of third parties; provided knowledge-sharing or assistance to third parties to shore up their cybersecurity postures; addressed challenges, cost-related or time-related, that affect your ability to be cyber resilient; rewritten contracts with certain third parties to mitigate our risks; performed more rigorous due diligence; exited relationships with certain third parties; none of the above. Source: PwC, 2022 Global Digital Trust Insights, October 2021]

Should your third parties’ risk levels rise or fall, you won’t need to wait until the next survey to find out. Third Party Tracker flags when risk scores change so you can get ahead of problems before they happen. And the data it provides helps you talk to your board about the risks so it can exercise better oversight.

Given today's technologies, there’s no reason to remain in the dark about risks. Companies that report being more cyber-secure in the last two years are 11x more likely to understand their third-party risks. Having this knowledge can also create stronger bonds of trust between your business and its third parties and give you the confidence to forge ahead — together — in today’s highly competitive market.


Scott Gelber, Principal, Cybersecurity, Privacy & Forensics, PwC US

Chris O'Connor, Managing Director, Cyber Managed Services, PwC US

Douglas Li, Director, Cybersecurity, Privacy & Forensics, PwC US
