Current State of TPRM: 2025 Annual Study

Third-party risk management is no longer a box to tick, it’s a survival strategy. But according to Mitratech’s latest global study, many organizations are still managing sprawling vendor ecosystems with outdated tools, limited visibility, and far too few resources.

Drawing on insights from risk, compliance, and procurement professionals worldwide, the 2025 report paints a picture of a sector under pressure:

• Understaffed and overstretched: Nearly 70% of TPRM teams say they don’t have the headcount to keep pace with demand.
• Risk blind spots: On average, organizations actively monitor only 40% of their vendors, leaving the rest to operate on trust, outdated contracts, or sheer luck.
• Regulatory pressure building: Compliance team involvement in TPRM has more than doubled since 2023, a sign that oversight is intensifying and expanding beyond cybersecurity to include data privacy, operational resilience, and vendor governance.
• Technology gaps holding back progress: 41% still use spreadsheets as their main TPRM tool, and just 29% can assess risk across the entire vendor lifecycle, meaning most firms lose visibility somewhere between onboarding and offboarding.
• AI on the horizon, but cautiously: 65% are exploring AI use cases and 14% are already using it, nearly triple last year’s adoption. Yet concerns over data security and explainability remain significant barriers.

Risk priorities are broadening, with data privacy, compliance risk, and business continuity now catching up to cybersecurity. The study closes with five urgent recommendations for modernizing TPRM, from building cross-functional governance to embracing continuous monitoring and implementing AI responsibly.

The takeaway? Third-party risk isn’t getting easier, and the cost of inaction is rising. If 2024 was a warning shot, 2025 is shaping up to be a reckoning for organizations still relying on manual processes, siloed programs, and outdated tools.

Download the full report to benchmark your program, uncover where the biggest gaps are, and learn how to future-proof your TPRM strategy.