drj logo
  • This field is for validation purposes and should be left unchanged.

Already have an account? Log in

drj logo

Welcome to DRJ

Already registered user? Please login here

Login Form

Register
Forgot password? Click here to reset

Create new account
(it's completely free). Subscribe

Skip to content
Disaster Recovery Journal
  • EN ESPAÑOL
  • SIGN IN
  • SUBSCRIBE
  • THE JOURNAL
    • Digital Edition
    • Article Submission
    • DRJ Annual Resource Directories
    • Article Archives
    • Career Spotlight
  • EVENTS
    • DRJ Spring 2023
    • DRJ Fall 2023
    • Other Industry Events
    • Schedule & Archive
  • WEBINARS
    • Upcoming Webinars
    • On Demand
  • MENTOR PROGRAM
  • DRJ ACADEMY
    • DRJ Academy
    • Beginner’s Guide to BC
  • RESOURCES
    • New to Business Continuity?
    • White Papers
    • DR Rules and Regs
    • Planning Groups
    • Business Directory
    • Business Resilience Decoded
    • DRJ Glossary of Business Continuity Terms
    • Careers
  • ABOUT
    • Advertise with DRJ
    • DE&I
    • Board and Committees
      • Executive Council Members
      • Editorial Advisory Board
      • Career Development Committee
      • Glossary Committee
      • Rules and Regulations Committee
  • Podcast

Blind In The Marketplace: How Vendors and Suppliers Expose Enterprises to Risk

by Jon Seals | August 20, 2021 | | 0 comments

By David Thomas, CEO & Founder, Evident

A new quantitative study has exposed what some risk managers and compliance executives have suspected: Vendors are not complying with corporate insurance requirements, representing a significant risk for their clients and partners. The report – based on thousands of anonymized verification attempts – reveals the extent of the problem, and it’s more serious than most executives might believe.

The report provides detail to help companies better identify their own risk levels. The study also reveals that this is a problem not just for risk and compliance managers, but also for C-level financial and operations executives.

Trust, And Fail To Verify?

The study – published as an easy-to-follow infographic titled “The State of Third-Party Insurance Verification” – shows 75% of third parties were not compliant with the insurance requirements of the companies that hire them, despite detailed policies and procedures to verify that the appropriate insurance coverage exists.

The study highlights the exact points and extent to which the verification process breaks down in three-quarters of the cases, including:

  • 27% start but do not complete the verification process
  • 23% fail to respond to Certificate of Insurance (COI) verification requests entirely
  • 12% receive exceptions to the requirements
  • 9% fall out of compliance after initial success
  • 4% simply choose to not comply

There is a foundational disconnect between the corporate departments that specify the insurance requirements for vendors and partners, and those responsible for assuring compliance and verification. By reducing the verification process to an administrative task, its significance is downplayed to a point where it can be overlooked or ignored.

The result can be considerable unexpected financial exposure to the company the insurance requirements are designed to protect. For larger companies, these are the “deep pockets” that are frequently the targets of legal action, whether deserved or not.

In addition, failure by third-parties to obtain adequate coverage simply moves the cost to the enterprise in terms of increased coverage and higher premiums.

When enterprises can clearly demonstrate that a third-party network meets its insurance requirements, they can negotiate more competitive liability premiums and create a more efficient insurance coverage tower.

Is Ops Opting Out?

Whether incomplete verification is a deliberate or inadvertent decision, the issue remains critical as global supply chains increase exposure to risks. The challenge is compounded by the rapid restoration of supply chains as the world emerges from the pandemic lockdown. The desire to get businesses back to full capacity can often override prudent measures to mitigate corporate liabilities.

Cyber liability is another exploding area of financial exposure for companies and their vendors and partners. The interoperations of networked systems have blurred or even erased the bright lines of culpability in the event of data breaches and the deployment of malware. This issue has exploded in recent headlines following a rise in high-profile ransomware attacks. Such vulnerabilities have existed for decades, but unprecedented ransom demands, rising losses, and increasing cyber insurance premiums are making it difficult for companies to quietly manage the fallout of data breaches in an effort to protect their brand and business.

All these exposures can come from an urgency to onboard vendors of critical supplies or services, or a desire to avoid friction with otherwise trusted partners. In many cases, this critical policy decision is made at the clerical level despite its potentially strategic implications. When interdepartmental workflows are disconnected from business outcomes, the teams managing the financial consequences of risk will struggle to keep pace as new exposures are created.

A Reckoning vs. A Recourse

The financial scale of these exposures elevates them to C-suite challenges that demand attention at the highest level. The challenge remains how enterprises can gain visibility into – much less gain control over – this critical operational detail.

Understanding how and where the verification process breaks down and reinforcing the process “gates” can improve compliance and better protect companies. Simplifying the process by employing a cloud-based verification service can give executives visibility into non-compliance and enable judgment calls to be made at the strategic level, where they belong.  

As a result, emerging tools that can both simplify and strengthen verification processes are being increasingly adopted at large enterprises. This enables specific prescriptive remediation of gaps or oversights. Alternatively, such a detailed report can inform a strategic decision by upper management on how to handle the resource or the relationship. Leveraging these tools allows companies to better protect themselves from third-party insurance claims and can more than pay for themselves in reduced premiums gained from their rigorous use.

Businesses that can demonstrate improvements in vendor compliance through automated verification reports are positioned to negotiate more competitive insurance rates at renewal. With just minor improvements, some have reported 2-5% reductions in liability premium spend.

It is ultimately the responsibility of the C-suite to ensure third-party COI verifications are properly conducted and completed. With the right tools in place, consistent verifications can be relatively frictionless and inexpensive, lead to more favorable insurance renewals, and shield a company from potential claims.

The full report can be seen here.

About the Author: The CEO and Founder of Evident, David Thomas, is a cybersecurity entrepreneur and industry expert. Having held key leadership roles at market-pioneers Motorola, AirDefense, VeriSign, and SecureIT, he has a history of introducing innovative technologies and getting them to market. Recruited at a young age by the Department of Defense, David has been at the forefront of cybersecurity. David sees cybersecurity as the key ingredient to enable reliable, fast interconnectivity between people.


Related Content

  1. Disaster Recovery Journal
    Innovative Enterprise Risk Management Tools
  2. Disaster Recovery Journal
    Vendor Continuity Management: From Risk to Resilience
  3. Disaster Recovery Journal
    The State of Enterprise Risk Management 2016

Recent Posts

ACI Worldwide Increases Global Reach, Powering 25 Domestic and Pan-Regional Real-Time Schemes

February 1, 2023

UMC and Cadence Collaborate on 3D-IC Hybrid Bonding Reference Flow

February 1, 2023

CORRECTING and REPLACING Inspur listed as a Representative Vendor in 2022 Gartner® Market Guide for Edge Computing

February 1, 2023

WM Announces Fourth Quarter and Full-Year 2022 Earnings

January 31, 2023

LiveRamp Announces Identity Resolution Solution for AWS Clean Rooms

January 31, 2023

With New Vertical, Innova Solutions Focuses on Advancing Innovation in Healthcare & Life Sciences

January 31, 2023

Archives

  • February 2023 (3)
  • January 2023 (1391)
  • December 2022 (1144)
  • November 2022 (1595)
  • October 2022 (1574)
  • September 2022 (1571)
  • August 2022 (1581)
  • July 2022 (1365)
  • June 2022 (1711)
  • May 2022 (1651)
  • April 2022 (1618)
  • March 2022 (1924)
  • February 2022 (1549)
  • January 2022 (1472)
  • December 2021 (1446)
  • November 2021 (1835)
  • October 2021 (1777)
  • September 2021 (1697)
  • August 2021 (1661)
  • July 2021 (1566)
  • June 2021 (1768)
  • May 2021 (1666)
  • April 2021 (1798)
  • March 2021 (1907)
  • February 2021 (1038)
  • January 2021 (554)
  • December 2020 (30)
  • November 2020 (35)
  • October 2020 (48)
  • September 2020 (57)
  • August 2020 (52)
  • July 2020 (40)
  • June 2020 (72)
  • May 2020 (46)
  • April 2020 (59)
  • March 2020 (46)
  • February 2020 (28)
  • January 2020 (36)
  • December 2019 (22)
  • November 2019 (11)
  • October 2019 (36)
  • September 2019 (44)
  • August 2019 (77)
  • July 2019 (117)
  • June 2019 (106)
  • May 2019 (49)
  • April 2019 (47)
  • March 2019 (24)
  • February 2019 (37)
  • January 2019 (12)
  • ARTICLES & NEWS

    • Business Continuity
    • Disaster Recovery
    • Crisis Management & Communications
    • Risk Management
    • Article Archives
    • Industry News

    THE JOURNAL

    • Digital Edition
    • Advertising & Media Kit
    • Submit an Article
    • Career Spotlight

    RESOURCES

    • White Papers
    • Rules & Regulations
    • FAQs
    • Glossary of Terms
    • Industry Groups
    • Business & Resource Directory
    • Business Resilience Decoded
    • Careers

    EVENTS

    • Spring 2023

    WEBINARS

    • Watch Now
    • Upcoming

    CONTACT

    • Article Submission
    • Media Kit
    • Contact Us

    ABOUT DRJ

    Disaster Recovery Journal is the industry’s largest resource for business continuity, disaster recovery, crisis management, and risk management, reaching a global network of more than 138,000 professionals. Offering weekly webinars, the latest industry news, rules and regulations, podcasts, the industry’s only official mentoring program, a quarterly magazine, and two annual live conferences, DRJ is leading the way to keep professionals up-to-date and connected in an ever-changing world.

    LEARN MORE

    TWITTER

    Disaster Recovery Journal is the leading publication/event covering business continuity/disaster recovery.

    Follow us for daily updates @drjournal

    Newsletter

    The Journal, right in your inbox.

    Be informed and stay connected by getting the latest in news, events, webinars and whitepapers on Business Continuity and Disaster Recovery.

    Subscribe Now
    Copyright 2023 Disater Recovery Journal
    • Terms of Use
    • Privacy Policy