The findings expose systemic weaknesses that continue to undermine third-party risk programs across organizations worldwide. The following highlights illustrate where programs break down in practice, with the full set of findings detailed in the full report.
- Manual program execution remains the norm, slowing assessment cycles and requiring human resources. Nearly two-thirds of organizations still use spreadsheets and homegrown or IT-built tools as part of their assessment management and monitoring.
- Delayed vendor responses slow down risk decisions. 60% of organizations report vendor response timelines range from 4 months to more than 12 months.
- Non-response remains a persistent barrier. 27% of vendors fail to respond to assessments at all, leaving critical gaps in portfolio visibility.
- AI adoption emerges as a major accelerator. 50% of organizations reported adopting AI to support third-party risk assessments, and 21% plan to adopt AI in the near future.
“This research shows that many third-party risk programs still lack maturity and fall short on outcomes. Organizations of all sizes spend money on TPRM, but that effort doesn’t always translate into efficient, effective assessments or consistent risk reduction,” said Scott West, Vice President of Product Marketing at ProcessUnity. “We invite TPRM leaders and practitioners to use this research to benchmark their programs and build plans to improve measurement, speed, scalability, and visibility to manage third-party risk more effectively.”
The research translates these findings into a blueprint for scaling third-party risk assessments. Organizations can improve outcomes by evolving from periodic reviews to continuous oversight, applying inherent risk to prioritize vendors that introduce the greatest exposure, enforcing accountability for response and remediation, and extending visibility beyond direct vendors to include downstream dependencies and concentration risk. In addition, accelerating AI adoption now allows resource-constrained TPRM teams to reduce manual effort while increasing speed, consistency, and insight across the assessment lifecycle.
“Our research is dedicated to helping organizations improve oversight as third-party ecosystems expand,” said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute. “These findings show why scalable execution and measurable outcomes are essential. We surveyed third-party risk leaders and practitioners globally to examine how organizations assess vendors in practice and where modernization is most needed.”
Detailed findings in the report explore assessment timelines, tooling reliance, budget ownership, fourth-party risk, industry and company-size breakouts, and more.


















