How COVID-19 is impacting third party risk


Few global events have upended the business world as completely as the spread of COVID-19 in 2020. The global pandemic has eliminated the vast majority of business travel, created new hygiene and social distancing protocols for essential workers, and resulted in a massive increase in the number of remote workers globally. PricewaterhouseCoopers found that 77% of corporate offices moved to remote work during the crisis, up from 39% during ordinary times.

Enterprises have been tasked with the Herculean effort of building entirely new processes and protocols to fit the pandemic era within the space of days or weeks, rather than months or years. And many of them aren’t doing as well as you might hope.

A study from cloud security company Iomart found that large scale data breaches increased in frequency by 273% in the first quarter of 2020 compared to the same time period the previous year. That’s likely to increase further for later periods in the year, and is largely due to the sudden shift to a complete remote work environment, which has meant some shortcuts and improvisations around security for companies that weren’t prepared.

And as essential workers may fall sick or be forced to quarantine, companies may be struggling to manage an array of temporary workers under less than optimal conditions. Remote workers may also face productivity challenges, especially as they might need to balance work with childcare duties. All of this means that companies have limited oversight and are forced to improvise processes, which creates new opportunities for risk.

COVID-19-related changes can also lead to increased risks from your third-party contacts. The average business works with 583 outside vendors, introducing vulnerabilities into your system with every new contact added.

Here are some key areas that may be impacted:

  • Supply chain risk
    Factory shutdowns and slowdowns have significantly impacted the global supply chain and slowed down logistics and material production. Accenture found that 94% of Fortune 1000 companies are seeing supply chain disruptions due to COVID-19.
  • Cybersecurity risk
    A September report from BlueVoyant found that four out of five organizations had experienced a cybersecurity breach within the past year that stemmed from a third-party breach, with respondents reporting on average 2.5 security incidents caused by their vendors. Only 23% of the companies said that they were monitoring all suppliers, and one-third said that they only reassess their vendors’ cyber risk posture annually or semi-annually, allowing for limited visibility into potential vulnerabilities.
  • Reputational risk
    Many third-party factors can impact your company’s reputation depending on the vendor’s scope of involvement, including the risk of customers’ data being breached, customer service issues, and product material quality issues. With disrupted supply chains, ad hoc remote work environments, and reduced oversight, these issues can more easily arise during the pandemic.
  • Regulatory risks
    Many industries have strict regulatory compliance standards to follow—and if your vendors have been forced to switch to remote work environments, they may not be following the required protocols for training or security. It will be necessary to audit each vendor to determine their compliance protocols and business continuity plans.
  • Strategic risks
    Does working with a certain vendor negatively impact your overall business strategy? This may be the case for vendors in geographical areas where COVID-19 has had an overwhelming impact or has slowed logistics.
  • Operational risk
    Is your company’s infrastructure reliant on third-party services and platforms? It’s important to confirm that they have a strong business continuity plan that will enable them to honor their SLAs even during a black swan event like COVID-19.
  • Financial risk
    Some suppliers have been hit hard by lost contracts, increased operational expenses, and other costs in light of the pandemic, and may be at risk of defaulting. It’s important to monitor their credit risk on an ongoing basis to understand when a supplier may be raising red flags.
  • Financial fraud risk
    Third-party fraud is the most common form of fraud, making up 24 percent of all financial fraud, according to BDO LLP’s FraudTrack report. Amid the chaos of COVID-19, 68 percent of Certified Fraud Examiners say that they’ve seen an increase in fraud incidence this year.

Fortunately, by putting robust processes in place that monitor third-party contacts on an ongoing basis, your company can greatly reduce the risk associated with working with third-party vendors. Build a framework for managing risk that analyzes vendors at the procurement and onboarding stages, and monitors for compliance on an ongoing basis. It’s not enough to simply check in quarterly, especially in light of the rapid changes brought on by the pandemic—a fail-proof system will require you to use automated real-time analysis to identify potential vulnerabilities as they occur, rather than catching them weeks or months later.

To learn more about how to implement a system to monitor and protect your organization against third-party risk, download our new eBook.
