Rethinking risk in partner ecosystems
Insights from 500+ business leaders on how they’re adapting third-party strategies in a volatile world.
As organizations expand their networks of third-party collaborators, they’re navigating a more complex and unpredictable risk landscape. In our recent webcast, “Building resilient ecosystems: Third-party risk management in a changing world,” senior leaders across risk, supply chain, and strategy shared their perspectives on how organizations should respond to these challenges.
The discussion was grounded in findings from the KPMG report, The partner paradox: How to thrive in an evolving risk landscape, and shaped by live polling from over 500 webcast participants. Responses offer a clear view into how organizations are managing third-party risk within increasingly interconnected partner ecosystems—and where critical gaps remain.
Third parties are seen as a source of capability, not just cost savings
The majority of webcast participants indicated that their companies are no longer relying on third parties solely for cost savings. In fact, 43% said they engage third-parties primarily for their specialized capabilities and knowledge—more than any other response. Another 16% reported actively expanding their partner networks to diversify their ecosystems.
These findings reflect a broader trend identified in The Partner Paradox, where 83% of executives surveyed said they plan to grow their partner ecosystems over the next one to three years. Yet despite this momentum, many organizations still struggle to align these relationships with long-term strategy. As Jeannie Johnson, Principal at KPMG, noted during the webcast, “It’s not just about expanding the ecosystem—it’s about managing it intentionally.”
AI and cybersecurity are top of mind, but strategies are still evolving
As artificial intelligence becomes more embedded in third-party relationships, organizations are grappling with how to manage the associated cybersecurity risks. During the webcast, 37% of participants said they are still developing their AI security strategy, while only one-third have implemented specific protocols.
This gap is significant. As our report highlights, connected technologies like AI and SaaS are increasing the attack surface across ecosystems, embedding concentration risk into critical infrastructure. Joey Gyengo, KPMG Third-Party Risk Management Leader, emphasized the need for organizations to shift from periodic assessments to real-time sensing. “It’s not just about assessing risk anymore—it’s about sensing it as it happens,” he said.
Many organizations have yet to adjust to macroeconomic disruption
Even as tariffs, inflation, and geopolitical tensions reshape global markets, many organizations have not meaningfully adjusted their third-party risk strategies. In the webcast poll, 35% of respondents said they are monitoring macroeconomic trends but have not yet implemented changes. Another 26% reported making no significant adjustments at all.
This inertia stands in contrast to the urgency reflected in our report, where 73% of manufacturers cited trade uncertainty as their top business challenge. Mary Rollman, KPMG’s U.S. Supply Chain Leader, underscored the importance of scenario modeling and proactive planning. She notes, “If you’re waiting for an event to happen before you respond, you’re already behind.” Organizations are encouraged to model a wide range of scenarios—including those that may seem unlikely—to better prepare for future disruptions.
Many organizations are still focused on compliance, but momentum is building
While some organizations are beginning to modernize their approach to third-party risk, many remain anchored in traditional compliance-focused models. In the final webcast poll, nearly one-third of participants said they are implementing continuous monitoring and real-time analytics. However, 29% reported that their organizations are still primarily focused on compliance, and only 14% are aligning with partners on trusted data protocols.
These findings echo the broader research: Our report notes that only 17% of organizations have extended resiliency plans beyond critical processes, and just half have centralized risk and resiliency structures. Gyengo pointed out that without segmentation and real-time visibility, organizations risk spending time on lower-risk vendors while overlooking those that present more significant exposure.
Rollman added that scenario modeling—especially when used to explore unlikely but high-impact events—can help organizations respond more quickly and effectively when disruptions occur.
Final reflections: Building resilience through intentional ecosystem management
The webcast closed with a discussion of how organizations can strengthen their ecosystems by focusing on four key areas:
- Understanding how third-party relationships intersect and contribute to compound risk
- Building supply chain agility to respond to disruption
- Aligning with third parties on data protocols and governance
- Using AI and analytics to support continuous monitoring
As Grant Harris, former U.S. Department of Commerce official, noted, “The greatest risk is the feeling of being overwhelmed. But with the right framework and the right team, organizations can move from reactive to resilient.”
Sign up to receive the latest Transformation insights
Enter your information to subscribe to our newsletter.
Explore additional insights
Insight
Partner ecosystems: Managing risk in an interconnected world
Learn how to navigate complex third-party relationships and build resilient partner networks in today's volatile business environment.
Insight
Accelerate growth and innovation with partner ecosystems
Unlock your business potential and gain a competitive edge by strategically designing and managing your partner ecosystem.
Insight
Transforming the enterprise of the future
Unlock the full potential of your organization with key insights from the KPMG 2024 Global Transformation Survey.
Meet our team
