One in two companies believe the cost of a third-party risk incident — such as a supply chain failure, data privacy breach or disruption to IT services — has at least doubled in the past five years (2015-2020), said Deloitte Global.
According to the firm’s Extended Enterprise Risk Management (EERM) survey of more than 1145 respondents from 20 countries between November 2019 and January 2020, companies estimate such an incident would cost them between US$0.5 and $1 billion, or more.
These figures show a marked increase since 2015, when large multinational businesses estimated the cost of a third-party failure at between US$2 and $50 million, said Kristian Park, Deloitte Global leader for Extended Enterprise Risk Management.
- At this point in January 2020, 17% of organizations had faced a high-impact third-party risk incident in the past three years (up from 11% of organizations in 2019).
- High-impact third-party risk incidents are those with a severe impact on customer service, financial position, regulatory compliance and/or reputation.
- Looking at the ways in which they could be financially affected, 30% of organizations surveyed thought share prices could fall by 10% or more if a third-party incident was not adequately managed.
Do companies want to be a responsible business?
In addition, for the first time in five years, a desire to be a responsible business that effectively manages social and environmental issues throughout its supply chain was one of the key reasons companies invest in third-party risk management, Deloitte Global pointed out.
Almost half (43%) cited it as a reason for investment, but a large proportion were still not allocating budget to associated areas: 74% of respondents had not allocated funds to managing climate risk, 57% to environmental risk and 54% to modern slavery and labor, the company observed.