Resource Shortages Undermine Risk Coverage: Nearly 70% of TPRM teams are understaffed, managing just 40% of their vendor base on average.
Regulatory Involvement Has Doubled: Compliance team involvement has jumped from 42% in 2023 to 88% in 2025, driven by increasing scrutiny in data privacy and operational resilience.
Cybersecurity Still Leads, But Risk Tracking Diversifies: While 85% of organizations track cybersecurity risk, growing attention is also being given to data privacy (79%), compliance (70%), and business continuity (64%).
Manual Tools Remain Prevalent: 41% of organizations still rely on spreadsheets, with only 29% able to assess risk across the entire vendor lifecycle.
AI Adoption Gains Ground with Caution: 65% of respondents are exploring AI use cases, and 14% are already using AI in their TPRM programs — up from 5% last year — although data security and oversight remain key concerns.