Managing concentration risk in multilayered organizations: Strategies and insights

Article

The recent CrowdStrike incident has starkly highlighted the dangers of over-reliance on a single technology provider and the far-reaching impacts of concentration risk. As organizations increasingly depend on a limited number of third parties for critical services, the collapse of one can trigger widespread disruption, as evidenced by the global fallout affecting banks, airlines, and other industries.

Aug 23, 2024

Gemma Stewart, Global Head of Vendor Management (TPRM), Zurich Insurance Company

Managing concentration risk in multilayered organizations: Strategies and insights

The views and opinions expressed in this content are those of the thought leader as an individual and are not attributed to CeFPro or any other organization

The CrowdStrike failure exemplifies the severe impact of concentration risk, demonstrating how reliance on a single provider can lead to widespread disruption across multiple industries.
Effective concentration risk management requires a data-driven approach, including assessing the geographical and non-geographical risks associated with third-party services and continuously monitoring these risks.
Organizations must adopt proactive strategies to mitigate concentration risk by diversifying service providers and locations, as well as regularly updating risk assessments to reflect changing conditions.
In the face of unpredictable events, such as geopolitical tensions, having comprehensive and up-to-date data is essential for quickly assessing and responding to the impact on supply chains and services.