Why are Traditional Risk Management tactics not enough?

Why are Traditional Risk Management tactics not enough?

| Team TrustLayer

In a world where lawsuits are on the rise, and a class action lawsuit could result in significant damages to both a business’ finances and reputation, third party risk management is continually evolving to keep pace. Traditional risk mitigation efforts may no longer be as effective, particularly in our digital world. 

So, how can you expand your risk management toolbox to cover additional risks? Third party insurance verification. 


Why Traditional Third Party Risk Management Isn’t Enough Anymore

In the past, TPRM teams relied on concentric circles of risk management. After sorting vendors into risk tiers, a third party risk manager could perform any or all of these functions. 

Common TPRM functions included;

  • Identity verification
  • Background checks
  • License and certification verification
  • Security questionnaires
  • Safety and security training
  • On-site inspections

The growing problem with traditional TPRM is that while these functions do reduce risk, they don’t offer financial protection in the event of a loss. They’re designed to prevent a loss, not pay for one. Which is why today’s TPRM practices must expand to include insurance verification. 

In 2020, businesses incurred [losses of $1.1 billion in product liability lawsuits and insurers spent $667 million on settlement expenses]( If a vendor supplied your business with a faulty product which led to an expensive lawsuit, it’s possible your business or insurance policy would have to cover those costs. However, if that third party carried sufficient liability insurance coverages, their policy would cover the losses.


When Can Third Party Insurance Verification Cover Your Business?

Imagine a cyber attack succeeds in breaching a hospital’s records system, resulting in the leak of 1,000’s of patients’ personal health information. The resulting class action lawsuit could be in the millions. Hopefully, the third party who provided the records system has cybersecurity insurance. 

Cyber attacks through phishing or ransomware are becoming more prevalent, particularly as the pandemic hastened the transition to a digital office. The average cost of a data breach in 2021 was $4.24 million, 10% higher than in 2020. The average cost per customer PII record was $180, if you multiplied your customer count by that figure, how much could you have to pay out? 

If the risk manager at the hospital system had verified third party insurance coverage, they wouldn’t have to hope for the best. They would know if the third party has cybersecurity coverage with limits high enough to cover the data breach’s costs. If, during the verification process, they reviewed the third party’s COI and found coverage to be lacking, the risk manager might have worked with the third party to mitigate the gap.


How to Verify Third Party Insurance

Third-party insurance verification is often the missing step in many TPRM programs. Large organizations who do business with multiple vendors might find it beneficial to look into investing in a digital tracking program. 

Verifying a certificate of insurance (COI) is a simple but helpful safeguard that helps businesses avoid the natural risks of working with third parties. A robust platform like Trust Layer sends automatic vendor emails to collect COIs, provides a central place to upload and store them, and can compare COIs to established minimums and flag insufficient coverage. Proactive verification also allows your risk management team to mobilize quickly if a potential loss arises.

You might also like