New BlueVoyant Report Reveals Increased Investment in Third-Party Risk Management, Yet Major Gaps and Breaches Still Persist

News provided by

BlueVoyant

Nov 20, 2025, 08:00 ET

Study finds 97% of organizations report they were negatively impacted by a breach in their supply chain over the past twelve months

NEW YORK, Nov. 20, 2025 /PRNewswire/ -- BlueVoyant, a leader in cyber defense, today released its sixth annual State of Supply Chain Defense Report. The 2025 study highlights a shift in focus: instead of concentrating on enforcement and compliance (the primary concern in 2024), organizations are now focused on the lack of integration of supply chain risk into broader enterprise risk frameworks. The survey also highlights ongoing investment in tools, teams and processes, although gaps between program maturity and organizational commitment still remain.

"As the attack surface expands, an effective third-party risk management program is more important than ever," said Joel Molinoff, Global Head of Third-Party Risk Management at BlueVoyant. "For six years now, the goal of this report has been to raise awareness and understanding on building a successful third-party risk program. While there are bright spots from this year's survey, there is still more work to be done to ensure we can start closing this gap between program maturity and organizational commitment." 

This year's study found an alarming 97% of organizations reported negative impacts from supply chain breaches over the past twelve months, up from 81% in 2024. While there is marked growth in budgets and maturity, organizations are increasingly struggling to combat supply chain threats. Key data points observed in the report include:

  • As TPRM programs mature, they're lacking internal support: While nearly half (46%) of organizations report established and optimized TPRM programs, there is a troubling gap between maturity and organizational support.
  • Reducing risk may be taking a back seat to compliance: Only 16% of respondents listed risk reduction as the primary program driver, while cyber insurance requirements, contractual obligations, and board mandates came out on top.
  • Gaps in integration lead to silos and inefficiencies: While organizations have made investments into TPRM tools and processes, many have neglected to integrate those into broader enterprise risk frameworks. Sectors like financial services, manufacturing, defense, and retail all listed a lack of integration as a top pain point.
  • Vendor ecosystem growth often surpasses program maturity: An overwhelming 96% of organizations plan to grow their third-party ecosystems over the next year, with some sectors like healthcare projecting double digit expansion. Unfortunately, many organizations are adding vendors faster than they're adding visibility, validation, or remediation capacity.

"Organizations are fully aware of the risks their third-party vendors pose, but they're less clear on how to tackle the problem because of inconsistent organizational support," said Brendan Conlon, Global Director of Third-Party Risk Management at BlueVoyant. "Integrated systems and genuine commitment to risk reduction over simply meeting compliance requirements will be the difference in delivering positive security outcomes and drowning in box checking."

The study was carried out by an independent market research organization, Opinion Matters, who surveyed 1,800 C-suite leaders responsible for supply chain and risk management. The respondents represented organizations with 1,000-plus employees across a range of industries. To gain a global perspective, the research was conducted in the following regions: U.S., Canada, DACH (Germany, Austria, Switzerland), the U.K., APAC (including Australia, Malaysia and the Philippines), Japan, and Singapore.

Learn more about the full report: The State of Supply Chain Defense: Annual Global Insights Report 2025, including analysis across multiple countries and vertical sectors.

About BlueVoyant 
BlueVoyant delivers a comprehensive cloud-native security operations platform that provides real-time threat monitoring for networks, endpoints, and supply chains, extending to the clear, deep, and dark web. The platform integrates advanced AI technology with expert human insight to offer extensive protection and swift threat mitigation, ensuring enterprise cybersecurity. Trusted by more than 1,000 clients globally, and the 2024 Microsoft Worldwide Security Partner of the Year, BlueVoyant sets the standard for modern cyber defense solutions.

BlueVoyant Press Contact: 
Patrick Shea
[email protected]

SOURCE BlueVoyant

21%

more press release views with 
Request a Demo

Also from this source

BlueVoyant is a proud participant in the Microsoft Sentinel partner ecosystem

BlueVoyant is a proud participant in the Microsoft Sentinel partner ecosystem

BlueVoyant today announced its inclusion in the Microsoft Sentinel partner ecosystem. BlueVoyant was selected based on their proven experience with...
BlueVoyant and Auto-ISAC Partner to Elevate Third-Party Cyber Risk Management Across the Automotive Industry

BlueVoyant and Auto-ISAC Partner to Elevate Third-Party Cyber Risk Management Across the Automotive Industry

BlueVoyant, a leader in cyber defense, today announced a strategic engagement with the Automotive Information Sharing and Analysis Center (Auto-ISAC) ...
More Releases From This Source

Explore

Computer & Electronics

Computer & Electronics

High Tech Security

High Tech Security

Computer Software

Computer Software

Computer Software

Computer Software

News Releases in Similar Topics