Only 12% of TPRM programs now cite a lack of AI strategy as a barrier, which is a significant decrease from 49% in 2024.

Nearly half (approximately 50%) of programmes cite departmental silos as a major barrier.

Fewer than 25% of TPRM programmes are "highly coordinated".

85% of risk managers identify cybersecurity as their most heavily monitored risk.

41% of organisations still rely on spreadsheets to assess third parties.

14% of TPRM programmes actively use Artificial Intelligence (AI).

As a result of TPRM teams being understaffed, organisations are only managing about 40% of their vendor population.

65% of TPRM programmes are exploring AI capabilities.

While 60% of organisations feel manual risk management tools meet basic needs, only 29% can determine risk at every stage of the vendor lifecycle using these tools.

Nearly 70% of Third-Party Risk Management (TPRM) teams report being understaffed.

While 60% of organisations feel manual risk management tools meet basic needs, just 15% feel prepared to respond to third-party incidents.

There is an almost 30% gap between existing and ideal team sizes in TPRM.

While 60% of organisations feel manual risk management tools meet basic needs, only 29% can determine risk at every stage of the vendor lifecycle using these tools.

The presence of compliance teams in TPRM jumped from 42% in 2023 to 88% in 2025.

79% of organizations have expanded their risk management oversight to include data privacy.

70% of companies now actively monitor compliance as part of their risk surveillance.

64% of risk teams track business continuity to understand interdependent risk dynamics.

66% of financial institutions report feeling pressure to enhance their TPRM programs.

85% of financial institutions report moderate to high value from their TPRM programs.

Artificial intelligence ranks as the second-biggest TPRM risk heading into 2025 among financial institutions.