Cyber Risk and Artificial Intelligence Play an Increasing Role in Third-Party Risk and Compliance
Cyber risk will be a primary concern for compliance and procurement professionals in the next six months. The adoption of automation is also a high priority, though many have doubts about their ability to implement the technology successfully. These are among the findings of Dun & Bradstreet’s fourth “Compliance and Procurement Sentiment Report,” an ongoing survey designed to uncover the issues impacting compliance and procurement professionals.
We surveyed more than 600 professionals from the US and UK, and this fourth edition measures sentiment compared to our June 2018 benchmark and previous “Sentiment Reports,” published in October 2018 and February 2019. This issue explores the challenges of cyber risk and the top areas expected to benefit from artificial intelligence (AI).
In this most recent study, the overall sentiment remains positive and has remained consistent since the first survey, completed in June 2018. While there has been a decline in the overall confidence in their current and future effectiveness as a function, respondents are reporting less concern that existing regulations will increase the risk to their business within the next three months.
The Challenge of Cyber Risk
Cyber risk is top of mind for compliance and procurement functions. That’s no surprise, given the heightened awareness of risk in the digital world. In order to perform accurate customer and vendor due diligence, compliance and procurement professionals must plan for cyber risk. Yet, when asked, 48% of survey respondents had not yet implemented a cyber risk approach toward third parties.
Part of the challenge when assessing a supplier’s cyber risk readiness is that there are many differing policies and points of view on how to best address the need. Additionally, as it relates to cyber risk, many of those in the procurement function lack the expertise necessary for implementation.
|Top Four Concerns in the Next Six Months
|Customer/vendor due diligence, internal training to ensure understanding of regulations, ongoing supplier/vendor monitoring, implementing a risk-based approach
|Customer/vendor due diligence, internal training to ensure understanding of regulations, ESG, ongoing supplier/vendor monitoring
|Customer/vendor due diligence, ESG, internal training to ensure understanding of regulations, ongoing supplier/vendor monitoring
|Cybersecurity, internal training to ensure understanding of regulations, customer/vendor due diligence, supplier due diligence
As third-party risk management and compliance programs become increasingly complex and costly, compliance and procurement teams are looking to solutions that allow for automation. Technology like AI can accelerate the onboarding and due diligence processes while reducing costs.
However, the adoption of AI within the compliance and procurement function is not something that will be sorted out quickly. While more than half of survey respondents believe that AI will improve efficiencies, 45% were not confident they have the right skills in place to use AI within the next year. This indicates that training and hiring the right talent will be key to any compliance or procurement organization looking to implement AI.
The fourth “Sentiment Report” uncovered more insights into the challenges and opportunities that compliance and procurement professionals face in implementing cybersecurity and artificial intelligence. The report (downloadable below) delves into these topics in greater detail.