2025 Third-Party Risk Management Survey

49% of financial institutions experienced a vendor-related cyber incident in the past year.

66% of financial institutions report feeling pressure to enhance their TPRM programs.

Nearly half of financial institutions cite auditors and regulators as primary drivers for enhancing TPRM programs.

Of the financial institutions who experienced a vendor-related cyber incident, 66% had recovery times under 60 days .

85% of financial institutions report moderate to high value from their TPRM programs.

Of the financial institutions who experienced a vendor-related cyber incident, 8% had recovery times more than 90 days .

Artificial intelligence ranks as the second-biggest TPRM risk heading into 2025 among financial institutions.

Half of financial institutions surveyed oversee 300+ vendors.

73% of financial institutions have two or fewer full-time employees managing vendor risk.