deloitte US third-party failures [shutterstock: 304657877, AVN Photo Lab]
[shutterstock: 304657877, AVN Photo Lab]
Management Press Release

Deloitte: Third-Party Failures Can Cost Companies Up To US$1 Billion

One in two companies believe the cost of a third-party risk incident – such as a supply chain failure, data privacy breach or disruption to IT services – has at least doubled in the past five years (2015 to 2020), according to Deloitte.

The Deloitte research shows that companies estimate a third-party failure would cost them between US$0.5 to $1 billion, or more. These figures show a marked increase since 2015, when large multinational businesses estimated the cost of a third-party failure at between US$2 to $50 million.

Deloitte’s Extended Enterprise Risk Management (EERM) survey was undertaken between November 2019 and January 2020, prior to the outbreak of COVID-19 being declared a global pandemic. The global survey collates results of more than 1,145 respondents in all major industry segments, from 20 countries around the world. At this point in January 2020, 17 percent of organizations had faced a high-impact third-party risk incident in the past three years (up from 11 percent of organizations in 2019). High-impact third-party risk incidents relate to incidents with a severe impact on customer service, financial position, regulatory compliance and/or reputation.

Looking at the ways in which they could be financially affected, 30 percent of organizations surveyed thought share prices could fall by 10 percent or more if a third-party incident was not adequately managed.

Investment in responsible business

For the first time in five years, a desire to be a responsible business that effectively manages social and environmental issues throughout its supply chain was one of the key reasons companies invest in third-party risk management. Almost half (43 percent) cited it as a reason for investment. Despite this, a large proportion were still not allocating budget to associated areas – 74 percent of respondents had not allocated funds to managing climate risk, 57 percent to environmental risk and 54 percent to modern slavery and labor.

Over half (59 percent) of respondents thought they were under-investing in EERM, though this fell from 70 percent last year. Budget for managing third-party risk was skewed towards certain areas, including information security, cyber risk, data privacy, and health and safety. This is largely in line with the largest proportion of third-party incidents, which were related to cyber risk, bribery corruption and information security.


About the author

E-3 Magazine

Articles published through E-3 Magazine International. This includes press releases by our partners as well as articles and reports from the E-3 team of journalists.

Add Comment

Click here to post a comment

Sign up for e3zine´s biweekly newsbites

Please do not use administrative mail adresses like "noreply@..", "admin@.." or similar as these may get blocked for security reasons.

We use rapidmail for dispatching our newsletter. By signing up, you agree that the data you have entered will be transmitted to rapidmail. Please take note of their terms and conditions and privacy policy.termsandconditions.

Our Authors