In a Gartner survey of 100 executive risk committee members in September 2022, 84% of respondents said that third-party risk “misses” resulted in operations disruptions (see Figure 1). Gartner defines a third-party risk “miss” as a third-party risk incident resulting in at least one of the outcomes in Figure 1 once or more in the 12 months leading up to the survey.

“Most organizations have seen an increase in the number of third parties under contract in recent years,” said Chris Matlock, vice president, research in the Gartner Legal Risk & Compliance Practice. “Moreover, a majority of organizations are also using third parties for new-in-kind-services and have become more reliant on them to conduct their operations. While increased use of third parties can improve business operations in many ways, it also introduces risks that are causing notable impacts on organizations.”