96% of organizations plan to grow their third-party ecosystems over the next year.

46% of organizations reported having established and optimized third-party risk management (TPRM) programs.

Only 16% of organizations listed risk reduction as the primary driver for their third-party risk management programs.

As a result of TPRM teams being understaffed, organisations are only managing about 40% of their vendor population.

Nearly half (approximately 50%) of programmes cite departmental silos as a major barrier.

65% of TPRM programmes are exploring AI capabilities.

Fewer than 25% of TPRM programmes are "highly coordinated".

While 60% of organisations feel manual risk management tools meet basic needs, only 29% can determine risk at every stage of the vendor lifecycle using these tools.

Nearly 70% of Third-Party Risk Management (TPRM) teams report being understaffed.

While 60% of organisations feel manual risk management tools meet basic needs, just 15% feel prepared to respond to third-party incidents.

There is an almost 30% gap between existing and ideal team sizes in TPRM.

While 60% of organisations feel manual risk management tools meet basic needs, only 29% can determine risk at every stage of the vendor lifecycle using these tools.

The presence of compliance teams in TPRM jumped from 42% in 2023 to 88% in 2025.

79% of organizations have expanded their risk management oversight to include data privacy.

70% of companies now actively monitor compliance as part of their risk surveillance.

64% of risk teams track business continuity to understand interdependent risk dynamics.

85% of risk managers identify cybersecurity as their most heavily monitored risk.

41% of organisations still rely on spreadsheets to assess third parties.

14% of TPRM programmes actively use Artificial Intelligence (AI).

Only 12% of TPRM programs now cite a lack of AI strategy as a barrier, which is a significant decrease from 49% in 2024.