As third-party relationships expand and supply chains grow increasingly interconnected, managing third-party cyber risks has become a top priority for CISOs. In Panorays’ 2025 CISO Survey, we gathered insights from 200 CISOs across leading industries to uncover how they’re navigating the challenges and opportunities in this evolving landscape. Here are the top five findings from this year’s survey—and why they matter for your organization.

1. Third-Party Incidents Are Rising—Fast

An alarming 91% of CISOs reported an increase in third-party cyber incidents over the past year. With complex supply chains and limited visibility, many organizations are ill-prepared to tackle these escalating risks. The growing correlation between unresolved vulnerabilities and rising incidents highlights the critical need for strong vendor risk management strategies.

Looking ahead, 95% of CISOs anticipate a continued surge in third-party incidents in 2025, making the strengthening of third-party risk management strategies essential to address these challenges.

[Figure: Increase in Third-Party Cybersecurity Incidents Over the Past Year]

2. Supply Chain Visibility Remains Critically Limited

Despite its importance, only 3% of organizations have full visibility into their entire supply chain, including third, fourth, and nth-party relationships. This lack of oversight leaves companies exposed to vulnerabilities hidden deep within their supply chains. Expanding visibility is not just a nice-to-have; it’s an essential step toward mitigating risks.

[Figure: Visibility into Digital Supply Chain]

3. AI Adoption Is Accelerating

AI is becoming a game-changer in third-party risk management. Currently, 27% of CISOs are leveraging AI for vendor assessments, with 69% planning to adopt it within the next year. The ability of AI to streamline assessments and reduce manual workloads is driving its rapid adoption, offering a scalable way to tackle complex supply chain risks.

[Figure: Use of AI Automation in Third-Party Vendor Assessments]

4. Resource Constraints Are Holding Back Progress

A staggering 98% of organizations admit to leaving third-party vulnerabilities unresolved due to resource constraints. Whether it’s limited time, personnel, or budgets, these challenges are preventing organizations from fully addressing their risks. This highlights the importance of investing in solutions that optimize efficiency and reduce manual effort.

[Figure: Unresolved Third-Party Vulnerabilities Due to Resource Constraints]

5. Budget Gaps Are Hindering Risk Management

81% of CISOs report insufficient budgets for managing third-party risks effectively. This funding gap, coupled with limited executive understanding of third-party cyber risk implications, makes it harder for organizations to allocate the necessary resources to protect their supply chains. Bridging this gap will require stronger communication between cybersecurity teams and business leaders.

6. TPRM Platform Efficacy

Third-Party Risk Management (TPRM) platforms are preferred for their accuracy and comprehensiveness, as they are specifically designed to address the complexities of third-party risks. In contrast, Governance, Risk, and Compliance (GRC) platforms often fall short in fully covering these complexities. As a result, organizations are increasingly transitioning from GRC systems to purpose-built TPRM/TPCRM platforms to achieve better accuracy and more comprehensive risk coverage.

[Figure: Accuracy of Platforms in Representing Third-Party Cyber Risks]

What’s Next?

These five findings provide a glimpse into the critical challenges and opportunities in third-party cyber risk management. Want to dive deeper into the data and uncover actionable insights to strengthen your strategy? The full 2025 CISO Survey is packed with trends, analysis, and recommendations to help you stay ahead of evolving risks.

Don’t wait to address the growing challenges in third-party risk management. By understanding the trends shaping the industry and leveraging the right tools, your organization can build resilience and confidence in your supply chain. Read the full survey to learn how.