Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

85% of security leaders are flying blind on supply chain threats, Panorays study says

New research reveals a dangerous gap between awareness and action in third-party cybersecurity.

byEditorial Team
January 14, 2026
in Cybersecurity
Home News Cybersecurity
Share on FacebookShare on TwitterShare on LinkedInShare on WhatsAppShare on e-mail
Google Preferred Source

A new survey from Panorays paints a troubling picture of the state of third-party security risk management. Despite growing awareness of supply chain vulnerabilities, most security leaders still can’t see what’s coming through their back door. Panorays is a global provider of third-party cybersecurity management software. The 2026 CISO Survey for Third-Party Cyber Risk Management, based on responses from 200 US-based Chief Information Security Officers, reveals a striking disconnect between perceived threats and actual preparedness.

While 60% of CISOs report an increase in third-party security incidents over the past year, only 15% say they have full visibility into those risks. The remaining 85% are operating with significant blind spots.

This visibility gap is creating real exposure. Organizations without clear sight lines into their supply chains are increasingly susceptible to prolonged outages, exposure of sensitive systems, financial losses, and compliance violation penalties. Without proper monitoring, even minor incidents have the potential to spiral out of control.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

The survey was conducted in October 2025 by Global Surveyz, an independent research company, on behalf of Panorays. The sample included 200 Chief Information Security Officers from US-based companies in finance, insurance, professional services, technology, healthcare and software development sectors. All respondents are full-time employees responsible for overseeing third-party cybersecurity risk management within their organizations.

Awareness is high, but preparedness remains dangerously low

The survey found that 77% of CISOs recognize third-party risk as a major threat to their organizations. Yet only 21% have tested crisis response plans in place. This gap between recognition and readiness suggests that many organizations are waiting for a breach to happen before taking action.

The problem extends beyond direct suppliers. Although 60% of respondents report rising third-party breaches, just 41% monitor risk beyond their immediate vendors. This means CISOs are watching the front door while the biggest risks are lurking in the background—in fourth-party and fifth-party relationships that most security teams never examine.

“Our findings show that third-party security vulnerabilities aren’t going away—in fact, they’re becoming more prevalent due to a dangerous lack of visibility and the rampant adoption of unmanaged AI tools,” said Matan Or-El, founder and CEO of Panorays. “Meanwhile, it’s especially alarming that only 15% of CISOs say they have the ability to map out their entire supply chains.”

Shadow AI: The new blind spot

One of the most concerning findings involves artificial intelligence. Despite rapid AI adoption across enterprises, only 22% of CISOs have formal vetting processes for AI tools. This leaves unmanaged third-party AI systems embedded in core environments without proper security scrutiny.

The risk is significant: 60% of respondents identified unmanaged AI tools as uniquely dangerous. Teams are adopting black-box AI tools faster than security teams can evaluate them, creating a growing blind spot as high-risk third-party systems are granted access to IT environments without oversight.

“The rise of AI has only made supply chains more complex, and the connected nature of these data-dependent systems is expanding the attack surface,” Or-El noted. “CISOs are increasingly seeing the value of AI-driven solutions to increase clarity around the evolving threat landscape.”

GRC platforms are failing security teams

Here’s where the findings get particularly interesting: companies are investing heavily in security tools, but those tools aren’t delivering results.

The survey found that 61% of businesses have invested in Governance, Risk, and Compliance (GRC) software solutions—a dramatic increase from just 27% in Panorays’ 2025 report. Yet despite this surge in adoption, 66% of CISOs say these platforms are ineffective at dealing with the dynamic nature of external third-party supply chain risks.

The result? Security teams are forced to rely on manual workarounds, increasing the likelihood that vulnerabilities slip through the cracks. More spending isn’t translating into better visibility. Something in the current approach isn’t working.

Traditional security assessments are also falling short. A full 71% of CISOs admit that traditional questionnaires no longer meet expectations. Instead of providing visibility into the threat landscape, these static assessments are creating fatigue—endless forms that generate compliance paperwork but fail to surface actual risks.

AI-driven tools gaining traction

Despite the bleak overall picture, there are encouraging signs that organizations are adapting. CISOs are increasingly turning to AI-driven assessment tools as an alternative to failing legacy approaches. Adoption of AI for third-party risk management has surged from 27% a year ago to 66% this year.

This shift is producing measurable results. The percentage of CISOs reporting full visibility into their software supply chains has improved from just 3% in 2025 to 15% in 2026. That’s a fivefold increase in one year.

But perspective matters here. While the progress is real, 85% of organizations still lack a complete view of their overall threat landscape. Moving from 3% to 15% is an improvement. It’s not a success.

The path forward

The survey’s findings point to a fundamental challenge in modern cybersecurity. Supply chains are becoming more complex, not less. The proliferation of AI tools—both sanctioned and shadow—is expanding the attack surface faster than security teams can map it. And the tools that organizations have invested in over the past decade weren’t designed to manage dynamic, interconnected third-party risks at scale.

For CISOs, the message is clear: awareness without visibility is not enough. Crisis plans that haven’t been tested aren’t really plans. And watching only direct suppliers while ignoring the broader ecosystem is a strategy that leaves too many doors unguarded.

The organizations that close this gap will be the ones that move beyond checkbox compliance toward continuous, AI-assisted monitoring of their entire supply chain. The 85% that don’t will continue flying blind—until something forces them to see.


Featured image credit

Tags: trends

Related Posts

Opera adds protection against copy-paste ClickFix attacks

Opera adds protection against copy-paste ClickFix attacks

July 3, 2026
Cloudflare will block AI crawlers unless sites opt in

Cloudflare will block AI crawlers unless sites opt in

July 3, 2026
WhatsApp usernames spark impersonation and fraud concerns

WhatsApp usernames spark impersonation and fraud concerns

July 2, 2026
Massive data leak exposes Apple supplier Tata Electronics on dark web

Massive data leak exposes Apple supplier Tata Electronics on dark web

June 30, 2026
OpenAI expands cybersecurity efforts with Patch the Planet

OpenAI expands cybersecurity efforts with Patch the Planet

June 24, 2026
Google files lawsuit over AI-assisted phishing operation abusing Gemini

Google files lawsuit over AI-assisted phishing operation abusing Gemini

June 15, 2026

LATEST NEWS

Google launches AI-powered Video Remix tool in Google Photos

X to DM users when their posts receive a Community Note

iPhone 18 Pro Max battery capacity appears in 3C filings

Anthropic brings Claude Cowork management to mobile apps

X adds built-in video editor to iOS app to rival TikTok

Discord bug wrongly banned about 8,200 accounts since May

BEST AI MODELS LEADERBOARD

See the best AI models, ranked by intelligence, benchmark results, speed and token price. Find the most suitable LLMs, Text-to-Image, Image Editing, Text-to-Speech, Text-to-Video and Image-to-Video  artificial intelligence model for your tasks and business.

LATEST TOOLS

Gistly

Prospero.ai

Only.Coms

ColorPenguin

Alayna AI

Dreamwave

AI Summary Helper

Ask Muslim

Exer AI

AI Passport Photos

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI tools
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies to improve your experience. You can choose to accept or reject them. Visit our Privacy Policy.