Organizations are feeling pressure to improve their TPRM programs from both internal and external sources –– likely from growing awareness that most data breaches originate from third-party vulnerabilities.
Are you feeling pressure to improve your third-party risk management program?
Download Full Report
Program size and structure
Program investment
Vendor landscape
Vendor risk assessments and timing
Vendor due diligence questionnaires and documentation requirements
Third-party risk management metrics
Fourth-party risk management
Regulatory focus and exam/audit results
Third-party risk management challenges
Top vendor risks (such as cybersecurity, artificial intelligence)
Third-party risk management strategies
Best practices for 2025
Third-party risk management ROI
The State of Third-Party Risk Management 2025 whitepaper provides an in-depth overview of the third-party risk management industry’s current focus, challenges, trends, and recommendations.
This essential resource is packed with industry statistics and insights, giving you the critical information needed to make confident, informed decisions on topics such as:
Download Now!
Pressure to Improve Vendor Oversight
At what stage of development is your third-party risk management program?
Vendor risk management is maturing at organizations, with evidence of increased collaboration and a more comprehensive understanding of the complexities involved in managing third-party relationships.
Third-Party Risk Management Programs Are Maturing
How is your organization currently or planning to assess/monitor vendor usage of artificial intelligence (AI)?
Vendor use of artificial intelligence is a top concern, with organizations allotting more vendor management resources to mitigating this risk.
In 2024, 37% of organizations weren’t managing AI risk. That number has fallen dramatically in 2025 to just 23% – a 38% decline.
Managing the Risks of Vendors Using AI
Peace of mind, savings through contract management, and being compliant with regulatory requirements.
Bank, Greater than $10B
Governance, better control of third-party spend, and reduces the risk of third-party incidents.
Insurance, 1,001-5,000 employees
Raising awareness to the business on the possible risk associated with any vendor engagement.
Non-Financial Institution Lending, 501-1,000 employees
Governance, better control of third-party spend, and reduces the risk of third-party incidents.
Insurance, 1,001-5,000 employees
Are you feeling pressure to improve your third-party risk management program?
At what stage of development is your third-party risk management program?
Adding usage language to the contract
Documenting risks internally
Verbal communication with vendor
Sending questionnaires
We aren't currently monitoring vendor AI usage
Unsure
Collecting vendor documentation
40%
39%
38%
32%
23%
21%
14%
31%
6%
30%
No
Yes, auditors/regulators
/examiners
Yes, client demand
Yes, internal management or the board
At what stage of development is your third-party risk management program?
Optimizing
22%
22%
39%
15%
2%
Managed
Implementing
Developing
Ad Hoc
