Most companies are missing key risks at more than one stage of the vendor risk lifecycle, yet few are expanding their TPRM programs to address these risks. 44% of companies report not actively tracking supply chain risks, which were the primary pandemic-related third-party risk management impact. Not tracking these types of risks can open an organization up to reputational damage. Companies need to start thinking about the underlying risks below the surface such as environmental, social and governance (ESG), anti-bribery and corruption (ABAC)
Source: https://www.helpnetsecurity.com/2021/04/21/tprm-programs/