**London**: A recent overview outlines significant incidents caused by vendor and contract management failures, highlighting the imperative for improved procurement practices. Key cases involve CrowdStrike, ICBC, and others, emphasising the necessity for robust frameworks to mitigate risks and enhance operational resilience in businesses.
The landscape of business operations has become increasingly fraught with risks stemming from vendor and contract management failures, leading to notable incidents that have caused significant financial and operational disruptions across various sectors. A recent overview highlights five major incidents that underscore the importance of effective procurement, legal, and risk management practices.
One of the most notable incidents occurred in July 2024, when CrowdStrike faced a critical software failure that resulted in a global outage of its Falcon sensor software on Windows devices. A minor error in a software update led to over 8.5 million systems going offline, disrupting multiple businesses worldwide. Notably, Delta Air Lines suffered extreme operational challenges, with the disruption affecting 7,000 flights and impacting around 1.3 million passengers, leading to losses exceeding $500 million. In the aftermath, Delta sued CrowdStrike in October 2024 over liability issues, while European regulators investigated potential breaches of data protection laws under GDPR.
In a separate incident from November 2023, the Industrial and Commercial Bank of China (ICBC) experienced a ransomware attack by the notorious LockBit group. This attack halted trade clearances within the vast $26 trillion U.S. Treasury market, forcing employees to revert to manual processing methods that involved using USB drives and personal Gmail accounts. The ramifications were substantial; ICBC subsequently secured a $9 billion loan from BNY Mellon to stabilise its U.S. operations. The U.S. Securities and Exchange Commission (SEC) initiated an investigation into ICBC’s operational practices in the wake of this breach.
Further compounding concerns about third-party risk, a 2023 breach at Infosys McCamish Systems (IMS), a vendor to Bank of America, exposed sensitive information for 57,000 customers. The compromised data included names, addresses, and Social Security numbers, leading to heightened fears around identity theft. This incident illustrated the vulnerabilities inherent in supply chains as Bank of America also faced a concurrent breach at another third-party provider, NCB Management Services, affecting nearly 500,000 individuals.
In March 2023, the healthcare sector was rocked by a cyberattack on PharMerica, a U.S. pharmacy services provider, that compromised the personal information of approximately 5.8 million people. The ransomware group Money Message claimed responsibility for this breach, which targeted sensitive patient data including health records and medication details. While specific financial damages were not disclosed, the average cost of a breach in the pharmaceutical sector was reported at $4.82 million.
The regulatory landscape also showcased its enforcement capabilities in the case of Mako Financial Markets Partnership LLP, which was fined £1,662,700 by the UK’s Financial Conduct Authority (FCA) in February 2025. The fine was imposed for failures in managing financial crime risks, highlighting the FCA’s commitment to ensuring compliance in the trading sector and carrying broader implications for other financial entities.
The critical analysis of these incidents indicates a growing awareness of the need for robust vendor and contract risk management frameworks. Organisations are encouraged to adopt structured approaches, including vendor risk identification and due diligence, automated compliance monitoring, and comprehensive contract governance, to address the intricate challenges associated with vendor relationships effectively.
In light of increasing regulatory pressures and complex third-party risks, firms are advised to invest in advanced vendor and contract lifecycle management (VCLM) solutions. These tools provide capabilities for risk assessment, compliance tracking, and performance management, thus enabling organisations to mitigate potential risks proactively and maintain operational resilience in an ever-evolving business landscape.
Source: Noah Wire Services