Report by Ncontracts

2025 Third-Party Risk Management Survey

9 FINDINGSPublished Apr 7, 2025
View Original Report →

Key Findings

49% of financial institutions experienced a vendor-related cyber incident in the past year.

Ncontracts2025 Third-Party Risk Management Survey·Apr 7, 2025
Vendor riskCyber attackSecurity incidentFinancial institution

66% of financial institutions report feeling pressure to enhance their TPRM programs.

Ncontracts2025 Third-Party Risk Management Survey·Apr 7, 2025
TPRM Financial institution

Nearly half of financial institutions cite auditors and regulators as primary drivers for enhancing TPRM programs.

Ncontracts2025 Third-Party Risk Management Survey·Apr 7, 2025
TPRM AuditorsRegulatorsComplianceFinancial institution

Of the financial institutions who experienced a vendor-related cyber incident, 66% had recovery times under 60 days .

Ncontracts2025 Third-Party Risk Management Survey·Apr 7, 2025
Vendor riskCyber attackSecurity incidentFinancial institutionRecovery

85% of financial institutions report moderate to high value from their TPRM programs.

Ncontracts2025 Third-Party Risk Management Survey·Apr 7, 2025
TPRM Financial institution

Of the financial institutions who experienced a vendor-related cyber incident, 8% had recovery times more than 90 days .

Ncontracts2025 Third-Party Risk Management Survey·Apr 7, 2025
Vendor riskCyber attackSecurity incidentFinancial institutionRecovery

Artificial intelligence ranks as the second-biggest TPRM risk heading into 2025 among financial institutions.

Ncontracts2025 Third-Party Risk Management Survey·Apr 7, 2025
TPRM AIFinancial institution

Half of financial institutions surveyed oversee 300+ vendors.

Ncontracts2025 Third-Party Risk Management Survey·Apr 7, 2025
Vendor riskFinancial institution

73% of financial institutions have two or fewer full-time employees managing vendor risk.

Ncontracts2025 Third-Party Risk Management Survey·Apr 7, 2025
Vendor riskFinancial institution