Third-Party & Supply Chain

The numbers don’t lie. 96% of S&P 500 companies have experienced data breaches. 41.8% of fintech breaches can be traced back to third-party vendors. 68% of UK fintechs report rising fraud cases, with losses reaching as much as £5 million.These aren’t isolated incidents; they are symptoms of a systemic issue. As organizations become more reliant on third-party ecosystems, the costs of insufficient Third-Party Risk Management (TPRM) have never been greater.

‍The Trump administration has moved to tighten enforcement of the Uyghur Forced Labor Prevention Act (UFLPA), designating five additional Chinese industry sectors as high-priority targets. The U.S. Department of Homeland Security (DHS) announced on August 19, 2025, that steel, copper, lithium, caustic soda, and red dates are now subject to heightened scrutiny under the law, which blocks the importation of goods linked to forced labor in China.

Third-party risk management is no longer a box to tick, it’s a survival strategy. But according to Mitratech’s latest global study, many organizations are still managing sprawling vendor ecosystems with outdated tools, limited visibility, and far too few resources.

In the age of sprawling digital supply chains, third-party risk management has become less of a compliance box to tick and more of a survival strategy. But according to a new 2025 study from Mitratech, many organizations are still trying to manage it all with duct tape and spreadsheets.

The European Securities and Markets Authority (ESMA) is stepping up to ensure that third-party risks don’t get overlooked in the growing complexity of EU securities markets. As more companies turn to third parties for critical functions, ESMA’s new guidelines aim to help supervisors across the EU keep pace with these shifts and ensure a more secure, compliant, and resilient market.

Adidas has disclosed a recent data breach where unauthorized external parties obtained certain consumer data via a third-party customer service provider. While the sportswear giant quickly contained the incident and initiated a comprehensive investigation, the breach raises significant concerns about IT security, data protection, and the role of third-party vendors in safeguarding sensitive consumer data.

Germany has adjusted its earlier position on the European Union’s Corporate Sustainability Due Diligence Directive (CSDDD), softening calls for the law’s outright removal. A spokesperson for the German government, Stefan Kornelius, clarified today that instead of scrapping the law, the government aims to “de-bureaucratize” and “streamline” its implementation, as reported by Reuters and The Economic Times.