AI increases true positives on vendor risk 500%, cuts risk evaluations to five to eight days, versus legacy approaches taking 60 to 90 days.
The 2024 State of Third Party Risk Management: AI’s Impacts and Future Trends from VISO TRUST confirms that legacy Third-Party Risk Management (TPRM) methods are increasingly unable to keep pace with today’s digitally transforming business environment.
Risk management and compliance professionals have long employed highly detailed questionnaires to help assess the risks involved in conducting business with vendors and other third parties. These questionnaires are extensive and usually require several back-and-forth cycles to confirm that potential partners are operating in a responsible and secure manner and conform to all necessary technology standards, regulations, laws, statutes, and sector-specific guidance.
Most risk professionals believe that rigorous, manual coordination is essential to completing these questionnaires and represents best practice in Third Party Risk Management (TPRM).
Until 2020, that was largely true.
Enter AI.
New large language models and generative processing—viewed as “AI for the masses”—have recently entered the public arena, but the fact is that over the last decade in particular, innovators have been evolving machine learning and advanced AI applications with levels of sophistication almost unimaginable to many. The addition of generative AI to these applications is enhancing both their evolution and their usability.
Innovators behind purpose-specific AI applications and initiatives have been hard at work amassing both the data that’s foundational to intelligence and the deep-learning capabilities needed to leverage the massive data troves to derive new knowledge with unprecedented speed and levels of insight.
AI isn’t only a tool, it’s a collaborator. It completes arduous, months-long business functions and tasks in minutes or hours, and imbues its users with new, highly applicable insight and technical acumen. This work is yielding immediate insight that is of greater depth and breadth than most could conceive a few years ago.
It is now helping forward-thinking organizations transform their TPRM programs, enabling analysis of more vendors, at a deeper level, and in a timeframe that supports critical business decisions—and growing the risk practitioner’s value to their organization.
Decisions around mitigation responses to a third party’s cyberattack, the timely analysis of potential M&A partners, and more informative assessments of an organization’s community of potential partners are just some of the insights that risk professionals are offering. These aspects of a risk professional’s role will become even more important as threat actors apply their own AI-enabled, advanced threats.
As many organizations’ partner ecosystems expand and grow increasingly complex, and resources become more stressed, risk managers report that less than 25% of potential and current partners and vendors will fully complete lengthy questionnaires manually.
Platform-derived findings show that VISO TRUST’s AI-driven response and completion rates have risen above 98%. This is unsurprising given that the VISO TRUST knowledge base contains more than 2.4 million companies in the vendor database, recognizes more than 30 security frameworks, and leverages hundreds of different types of source artifacts, from SOC2 filings to sector-specific guidance compliance documentation.
Today, across all industry verticals, more than 90% of third parties can be assessed thoroughly on artifacts and evidence alone, 51% of third parties have detailed assurance artifacts available, and 49% have made detailed technical information (such as penetration tests) available. Only 6% of third parties make this valuable information broadly accessible publicly.
Survey results from risk managers and data from the VISO TRUST platform, which includes profiles on more than 2.4 million companies, automated artifact analysis, public data, and adaptive questionnaires, provide important insights.
Among key findings on legacy TPRM:
AI-driven transformation of TPRM findings:
AI-driven risk management will continue to expand beyond today’s functions to assess and compensate for third party risks in new ways, and break through process and data assessment bottlenecks to help prevent data breaches.
VISO TRUST and our fellow AI innovators continue to look beyond today’s horizon to expand what’s possible as AI redefines the landscape of TPRM. It is essential to delve deeper into how these technologies not only expedite processes, but also enhance the accuracy and depth of risk assessments.
This transformative shift is thoroughly explored in the full report State of Third Party Risk Management in 2024: AI’s Impacts & Future Trends. This report provides a comprehensive overview of the current challenges and inefficiencies plaguing traditional TPRM approaches, and it showcases how AI-driven, artifact-based assessments can address these challenges by offering more precise and timely insights, enhancing a company’s ability to make informed decisions at the speed of business.