Third-party cyber risk continues to concern security leaders as vendor ecosystems grow, supply chains stretch, and AI plays a larger role in business operations. A recent Panorays survey of U.S. CISOs shows rising third-party incidents and growing regulatory attention, while visibility beyond direct vendors and the resources to manage that risk continue to fall short.
Ranking of third-party cyber risk compared to other cybersecurity risks
Third-party risk remains a top concern
CISOs rank third-party cyber risk among their highest-impact threats. Vendor relationships touch nearly every core business function, from cloud infrastructure and software development to data processing and AI services. Each added dependency expands the attack surface and increases the number of organizations involved in protecting sensitive systems and data.
Security leaders describe third-party exposure as a core risk management issue that affects business continuity. This view reflects growing awareness that failures outside the organization can disrupt internal operations.
Reported third-party incidents continued to rise over the past year. CISOs say these events stem from a mix of direct…
