Explore

  • Trending
  • Latest
  • Tools
  • Browse
  • AI Assistant
  • Subscription Feed

Logistics

  • Ocean
  • Air Cargo
  • Road & Rail
  • Warehousing
  • Last Mile

Regions

  • Southeast Asia
  • South Asia
  • Central Asia
  • Japan & Korea
  • Middle East
  • Europe
  • Russia
  • Africa
  • North America
  • Latin America
  • Australia
SCI.AI
  • Supply Chain
    • Strategy & Planning
    • Logistics & Transport
    • Manufacturing
    • Inventory & Fulfillment
  • Procurement
    • Strategic Sourcing
    • Supplier Management
    • Supply Chain Finance
  • Technology
    • AI & Automation
    • Robotics
    • Digital Platforms
  • Risk & Resilience
  • Sustainability
  • Research
  • Expert Columns
  • English
    • Chinese
    • English
No Result
View All Result
  • Login
  • Register
SCI.AI
No Result
View All Result
Home Procurement

Third-Party Risk Surge: 35% of Breaches Originate from Vendors

2026/04/09
in Procurement
0 0
Third-Party Risk Surge: 35% of Breaches Originate from Vendors

According to www.ncontracts.com, more than 35% of data breaches now originate from a compromised vendor or partner — not from internal control failures. This finding anchors the April 2026 Vendor Management News, a monthly regulatory and risk intelligence update for financial services firms.

Escalating Third-Party Threat Landscape

The report identifies three converging forces intensifying third-party risk: geopolitical conflict, AI-powered cyberattacks, and cyber inequity across vendor ecosystems. These dynamics mean even well-defended organizations face serious incidents through their supply chains. The guidance is unequivocal: organizations must plan for vendor compromise as inevitable, not hypothetical, and embed coordinated incident response into vendor risk programs before disruption occurs.

Regulatory Deadlines and Examination Priorities

Smaller registered investment advisers (RIAs) with less than $1.5 billion in assets under management must comply with the SEC’s amended Regulation S-P by June 3, 2026. Key requirements include:

  • Written incident response programs
  • Customer breach notification within 30 days
  • Formal oversight of service providers handling customer data, including a 72-hour notification requirement if a provider suffers a breach

The SEC has named Reg S-P compliance a 2026 examination priority, underscoring urgency for smaller firms.

AI Use in Investment Advising: Five Compliance Imperatives

As AI moves closer to core investment decisions, regulators are shifting focus from conflicts of interest to fiduciary duty of care. The SEC’s 2026 examination priorities explicitly flag automated investment tools and AI technologies. Advisers must be prepared to:

  • Explain what their AI tools and vendors do, and how they monitor them
  • Document intended use cases and material changes
  • Assess how customer data flows through AI systems under Regulation S-P
  • Account for increasing tool autonomy in monitoring and governance
  • Evaluate vendor sub-outsourcing and cloud dependencies affecting data residency and control

Operational Gaps in Vendor Exit Planning

Static exit plans and generic documentation are insufficient when critical suppliers fail or underperform. Leading firms now build scenario-specific strategies distinguishing between planned and stressed exits, continuously refresh documentation as supplier models evolve, and integrate exit planning into business continuity and disaster recovery functions. Crucially, hidden sub-outsourcing chains and cloud dependencies remain a persistent blind spot — without deeper dependency mapping, rapid large-scale exits may prove infeasible in practice.

Vendor Support: An Underweighted Critical Factor

Banks and credit unions often prioritize features over service quality when selecting vendors — a pattern that backfires under pressure. The American Bankers Association’s (ABA) most recent Core Platforms Survey reports average vendor satisfaction at just 3.19 out of 5, with core provider effectiveness scoring even lower at 2.78. When credit union leaders whose tech plans fell short were asked why, 53% cited insufficient vendor support. For community institutions navigating competitive pressure, regulatory change, and AI deployment demands, evaluating vendors on service quality, client satisfaction data, case resolution times, and support team structure is critical.

Cyber Resilience Requires Executive Accountability

Supply chain attacks scale easily: compromising one vendor can expose hundreds of downstream networks. Yet only 16% of UK organizations brief their C-suite on cybersecurity monthly or more, creating accountability gaps at the top. Real resilience demands more than reactive patching — it requires mapping root causes, maintaining clear supplier documentation, and embedding incident response coordination across the entire vendor ecosystem, including every supplier relationship.

Lloyds Banking Group Data Exposure Incident

A software defect during an overnight update at Lloyds Banking Group allowed customers to briefly view transaction data belonging to other users, including account numbers and National Insurance numbers. Almost 450,000 customers were affected.

Source: www.ncontracts.com

Compiled from international media by the SCI.AI editorial team.

More on This Topic

  • J&J to spend up to $750M restructuring pharma supply chain (Jul 20, 2026)
  • DHS, DOT investigate 75 CDL schools for fraud (Jul 19, 2026)
  • 2026 air cargo rates rise 15% amid Iran war disruption (Jul 19, 2026)
  • RTS Link to Raise Singaporean Spending in Johor Bahru by $813M Annually (Jul 19, 2026)
  • Private Equity to Deploy $2T in Freight M&A Over 18 Months (Jul 18, 2026)
ShareTweet

Related Posts

J&J to spend up to $750M restructuring pharma supply chain
Procurement

J&J to spend up to $750M restructuring pharma supply chain

July 20, 2026
0
DHS, DOT investigate 75 CDL schools for fraud
AI & Automation

DHS, DOT investigate 75 CDL schools for fraud

July 19, 2026
2
2026 air cargo rates rise 15% amid Iran war disruption
AI & Automation

2026 air cargo rates rise 15% amid Iran war disruption

July 19, 2026
2
RTS Link to Raise Singaporean Spending in Johor Bahru by $813M Annually
Procurement

RTS Link to Raise Singaporean Spending in Johor Bahru by $813M Annually

July 19, 2026
2
Private Equity to Deploy $2T in Freight M&A Over 18 Months
AI & Automation

Private Equity to Deploy $2T in Freight M&A Over 18 Months

July 18, 2026
5
ArcBest cuts 2% of jobs, closes 10 LTL terminals
AI & Automation

ArcBest cuts 2% of jobs, closes 10 LTL terminals

July 17, 2026
15

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Industrial Chain Systems Market to Reach $5.2B by 2030

15 Views
April 12, 2026
The Green Technology Surge: How $73.9B in Sustainable Innovation Is Rewiring Global Supply Chains

The Green Technology Surge: How $73.9B in Sustainable Innovation Is Rewiring Global Supply Chains

10 Views
February 28, 2026
Microsoft’s Supply Chain 2.0: AI Agents, Digital Twins and Physical AI Transform Strategy

Microsoft’s Supply Chain 2.0: AI Agents, Digital Twins and Physical AI Transform Strategy

13 Views
April 1, 2026
Trump reinstates Iran blockade, proposes 20% Hormuz cargo fee

Trump reinstates Iran blockade, proposes 20% Hormuz cargo fee

9 Views
July 14, 2026
Show More

SCI.AI

Global Supply Chain Intelligence. Delivering real-time news, analysis, and insights for supply chain professionals worldwide.

Categories

  • Supply Chain Management
  • Procurement
  • Technology

 

  • Risk & Resilience
  • Sustainability
  • Research

© 2026 SCI.AI. All rights reserved.

Powered by SCI.AI Intelligence Platform

Welcome Back!

Sign In with Facebook
Sign In with Google
Sign In with Linked In
OR

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Sign Up with Facebook
Sign Up with Google
Sign Up with Linked In
OR

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Scan to share via WeChat

Open WeChat and scan the QR code to share

QR Code

Add New Playlist

No Result
View All Result
  • Supply Chain
    • Strategy & Planning
    • Logistics & Transport
    • Manufacturing
    • Inventory & Fulfillment
  • Procurement
    • Strategic Sourcing
    • Supplier Management
    • Supply Chain Finance
  • Technology
    • AI & Automation
    • Robotics
    • Digital Platforms
  • Risk & Resilience
  • Sustainability
  • Research
  • Expert Columns
  • English
    • Chinese
    • English
  • Login
  • Sign Up

© 2026 SCI.AI