New BlueVoyant Report Highlights Gaps in Third-Party Risk Management Despite Increased Investment
New Report Reveals Alarming Trends in Third-Party Risk Management
BlueVoyant, a seasoned leader in cybersecurity defense, has released its sixth annual `State of Supply Chain Defense Report`, revealing shocking statistics regarding third-party risk management. The report emphasizes a troubling trend: despite increased investments in risk management tools and processes, organizations continue to experience significant breaches within their supply chains. In this year's study, a staggering 97% of surveyed organizations reported facing negative impacts from supply chain breaches over the past year, a sharp increase from 81% in 2024.
Shift in Focus
The report highlights a notable shift in focus from compliance and enforcement, which were the primary concerns of 2024, to a deeper understanding of the need for integrating supply chain risk into broader enterprise risk frameworks. Joel Molinoff, Global Head of Third-Party Risk Management at BlueVoyant, emphasized, “As the attack surface expands, an effective third-party risk management program is more important than ever.” This year’s findings suggest that while budgets for security improvements are growing, the actual implementation and support for these initiatives remain lacking.
Key Findings
One of the most concerning discoveries is that nearly half (46%) of organizations participating in the survey reported having optimized Third-Party Risk Management (TPRM) programs in place. However, there is a critical gap between these maturing programs and the overall organizational commitment to support them effectively. The report states that only 16% of respondents identified risk reduction as the primary motivator for their TPRM initiatives. In contrast, top priorities include compliance with cyber insurance requirements, contractual obligations, and directives from management boards.
Additionally, many organizations have failed to integrate these risk management tools into larger enterprise risk systems, creating silos that lead to inefficiencies. This disconnect has been notably problematic in sectors like financial services, manufacturing, and retail. As organizations aggressively expand their vendor ecosystems—96% plan to grow their third-party collaborations in the coming year—risks also multiply.
Looking Forward
Brendan Conlon, Global Director of TPRM at BlueVoyant, pointed out that while businesses recognize the risks posed by third-party vendors, inconsistent organizational support has left many uncertain about how to effectively address them. “Integrated systems and genuine commitment to risk reduction over simply meeting compliance requirements will be pivotal for achieving notable security outcomes,” Conlon stated.
The research for this report was conducted by an independent market research organization, Opinion Matters, which surveyed 1,800 C-suite executives responsible for supply chain and risk management at organizations with more than 1,000 employees across industries. To ensure a comprehensive understanding from varied perspectives, the survey included responses from the U.S., Canada, DACH (Germany, Austria, Switzerland), the UK, Asia-Pacific regions, Japan, and Singapore.
Conclusion
While organizations are attempting to grapple with the multitude of risks introduced by their third-party vendors, the key lies in bridging the gap between program maturity and organizational support. BlueVoyant aims to use these insights to continue fostering effective third-party risk management practices across sectors, ensuring businesses not only stay compliant but also effectively mitigate risks that pose threats to their operations.
For more detailed analysis and findings, BlueVoyant invites readers to explore the full `State of Supply Chain Defense Annual Global Insights Report 2025`.