Latest survey provides insights into the current practices, challenges, and trends shaping third-party risk management (TPRM) across various industries
Ncontracts, the leading provider of integrated compliance, risk, and third-party management solutions to the financial services industry, published the 2025 Venminder State of Third-Party Risk Management Survey, offering a comprehensive look at how organizations are navigating the complexities of third-party risk.
“The 2025 survey results underscore the complexities of third-party risk management and the increasing sophistication of TPRM programs”
Now in its ninth year, this survey dives deep into current practices, challenges, compliance drivers, and the tangible benefits of robust third-party risk management (TPRM) programs.
Key findings from the 2025 survey include:
- Hybrid TPRM Model Adoption Surges: 52% of respondents now use a hybrid TPRM operating model, up 41% from the previous year, indicating a maturing understanding of third-party risk management complexities.
- Increased Vendor Management: Organizations are managing more vendors than ever, with notable increases in programs handling 101-300 vendors (28%, up from 23%) and those with over 1,000 vendors (18%, up from 16%).
- TPRM Staffing Challenges: Despite managing more vendors, TPRM staffing has not increased proportionally. Programs with 1-2 full-time employees rose from 43% to 48%.
- Shift Towards Dedicated TPRM Tools: The use of dedicated TPRM software platforms increased by 19%, with 64% of respondents now using such tools.
- Rising Focus on Vendor Cybersecurity and AI Risks: 49% of organizations experienced vendor-related cyber incidents in 2024. Additionally, there’s growing attention to managing vendor AI risks, with a significant decrease in organizations not monitoring AI usage (from 37% to 23%).
Read More: SalesTech Meets Blockchain: Redefining Trust in B2B Transactions
“The 2025 survey results underscore the complexities of third-party risk management and the increasing sophistication of TPRM programs,” said Michael Berman, founder and CEO of Ncontracts. “As organizations grapple with expanding vendor portfolios and emerging risks like AI, it’s clear that robust TPRM strategies are more critical than ever.”
The survey, conducted between November 2024 and January 2025, gathered responses from a diverse range of industries, including financial services, fintech, healthcare, and IT. It reflects the perspectives of organizations of all sizes, from small businesses to large enterprises with over 5,000 employees.
