Panorays, a leading provider of third-party cyber risk management solutions, has released its 2025 CISO Survey for Third-Party Cyber Risk Management, providing insights on the evolving landscape of third-party cybersecurity. The report explores the priorities, challenges, and trends shaping third-party cyber risk strategies for the coming year.
Findings from the report include:
- While 91 percent of CISOs report an increase in third-party cybersecurity incidents, only three percent have full visibility into their supply chains, including fourth and nth-party relationships. This lack of comprehensive visibility underscores the need for advanced tools and strategies to mitigate growing risks. Unresolved vulnerabilities and expanding supply chain complexities are seen as key contributors to these increases.
- 98 percent of organizations leave at least 10 percent of third-party vulnerabilities unresolved due to limited resources.
- 27 percent of CISOs currently use AI for vendor assessments, with 69 percent planning adoption in 2025 to enhance efficiency and scalability.
- 81 percent of respondents report insufficient funding to address third-party risks effectively.
βThis yearβs survey reveals a troubling story: third-party risks are growing faster than the resources organizations have to address them,β said Matan Or-El, CEO of Panorays. βAs supply chains become more complex and interconnected, the need for smarter, AI-driven solutions is no longer optional, itβs critical for businesses to stay secure.β
The report emphasizes the transformative potential of AI in streamlining vendor assessments and mitigating risks. On average, organizations leveraging AI report a 44 percent reduction in time spent on assessments, enabling teams to focus on higher-value tasks.
