4 Enterprise Risk Management Trends and Predictions for 2022
January 4, 2022
In 2021, the pandemic threw all sorts of unexpected curve balls at corporate managers. The evolving situation challenged the accuracy of executive forecasts, the assumptions of corporate risk managers, and the depth of corporate preparation for unforeseen circumstances.
All of this has created an intense focus on evaluating and managing corporate risk, one that will certainly continue and accelerate over the next year as a priority for corporate management.
The coming year will herald all sorts of corporate change, growth, and opportunity. Here are four trends that will likely be of particular interest and focus to corporate risk managers in 2022.
1. Cybersecurity Receives Intense Attention
During the pandemic, economic losses from cyberattacks skyrocketed. Heightened awareness of cyber risk increased demand for cyber insurance, so much so that a recent S&P Global Ratings report predicts that not only will insurance rates rise sharply in 2022, but they will – in some cases – even double.
International Data Corporation (IDC) research shows corporations now rank security and compliance as top considerations that management uses to assess whether it will trust potential vendors and other third-party partners, ahead of other concerns such as privacy, sustainability, and diversity.
2. Increased Regulation
Upcoming regulatory changes, compliance dates, and federal priorities – particularly as the government invests vast new sums in infrastructure – will impact risk managers’ compliance priorities and where they need to invest time and resources.
In coming months, we will likely see new regulations fast-tracked for cybersecurity standards, first in the form of executive orders to government suppliers (which have already started), and second, through expansion to other regulated industries via more specialized government agencies.
Court decisions and penalties such as government fines will set a precedent, and companies will make moves to avoid the newly articulated risks of non-compliance in cybersecurity. This will create a new cybersecurity floor, a standard that many companies will have to rise to meet. The level of security needed to reach mere compliance will be closer to the standard of being highly secure.
3. Third-Party Risk Focus
Forrester predicts that 60% of security incidents will result from issues with third parties. Supply chain concerns will continue well past the 2021 year-end holidays. But it is not only materials availability and delivery timetables that management is concerned about: corporations increasingly care about verifying whether their third-party suppliers have the insurance and certifications they claim to have when they initially sign contracts to provide services.
Remarkably, research has shown that for the average enterprise, 75% of third parties fail to meet contractual insurance requirements. If you’re not managing third-party risk well, you’re risking tremendous liability.
But risk can go beyond third parties. Fourth-party risks are the unseen risks introduced by your third-party partners. As an organization’s vendors maintain relationships with other vendors and partners, they become fourth parties to the organization.
Corporations can protect themselves considerably from third-party, fourth-party, and “Nth-party” risk by ensuring their own third-party risk management systems and checklists are up to par, quizzing third parties about their own third-party risk management systems, and keeping in place strong contingency and business continuity plans in case unexpected incidents do occur.
4. Accelerated Adoption of Digital Risk Management
Corporations will embrace and implement next-generation technology in risk. Driven by developments in artificial intelligence and machine learning as well as easy access to huge amounts of data, smart systems will assist, and even at times replace, human-led risk management.
Too many organizations are still managing regulatory change manually. Regulatory technology, or Regtech, has quickly become mainstream in the financial industry, and it will soon become standard in almost all other businesses. Any business that is not using technology to manage regulatory compliance and changes is playing the game with a handicap.
Five or ten years ago, it was understandable that so many businesses had not implemented regulatory technology: it was expensive and hard to implement. Solutions available today, however, can be easily afforded by even small organizations and take just a few days to implement with minimal disruptions. At this point the benefits of regulatory technology outweigh its costs by a significant margin.
Reasons for Optimism
The good news is that industry-wide, vendors of all sorts are becoming aware of the crucial nature of verification and are beginning to put processes and systems in place to address the issue.
The opportunity (and simultaneous obstacle) for businesses that wish to be successful in the B2B marketplace is to design systems that are much more cognizant of third-party risk, and that will verify what is essential for given roles or service qualifications. Strong verification can be effective at reducing risk and liability and ensuring brand integrity, profits, and growth.