Panorays publishes 2026 CISO survey on third-party risk
Panorays released the 2026 edition of its CISO Survey for Third-Party Cyber Risk Management and reported widespread visibility gaps that executives said undermined their ability to track third-party threats.
The report placed those visibility shortfalls alongside rising incident counts and constrained resources, noting that 60% of CISOs reported an increase in third-party security incidents while only 15% said they had full visibility into those risks. It also described that many technology stacks were not designed to manage dynamic supply-chain threats at scale.
The survey cataloged specific operational weaknesses: 77% of respondents viewed third-party risk as a major threat but only 21% had tested crisis response plans; 60% reported rising breaches yet just 41% monitored risk beyond direct suppliers; and only 22% had formal vetting processes for third-party Artificial Intelligence (AI) tools. It also recorded that 71% found traditional questionnaires inadequate and that 66% had moved to AI-driven assessment tools.
The research was based on responses from 200 CISOs of US-based companies and was conducted in October 2025 by the independent research company Global Surveyz on behalf of Panorays. The report said 61% of organizations had invested in Governance, Risk, and Compliance (GRC) software, yet 66% reported those platforms were ineffective at handling external third-party supply chain risks, and that adoption of GRC tools had risen from 27% the prior year.
“Our findings show that third-party security vulnerabilities aren’t going away – in fact, they’re becoming more prevalent due to a dangerous lack of visibility and the rampant adoption of unmanaged AI tools,” said Matan Or-El, founder and CEO of Panorays. “The rise of AI has only made supply chains more complex, and the connected nature of these data-dependent systems is expanding the attack surface,” said Matan Or-El, founder and CEO of Panorays. “CISOs are increasingly seeing the value of AI-driven solutions to increase clarity around the evolving threat landscape,” said Matan Or-El, founder and CEO of Panorays.
The survey found that 15% of CISOs said they had full visibility into their software supply chains, up from 3% a year earlier, and that 66% reported using AI-driven assessment tools compared with 27% the prior year.
Provided by Globe Newswire on behalf of Panorays. Click to read original content.