2026 Study from Panorays: 85% of CISOs Can’t See Third-Party Threats Amid Increasing Supply Chain Attacks

New York, NY, January 14th, 2026, CyberNewsWire

Panorays, a leading provider of third-party security risk management software, has released the 2026 edition of its annual CISO Survey for Third-Party Cyber Risk Management.

The survey underscores third-party cyber risk as a critical challenge for security leaders, primarily due to a lack of visibility. While 60% of CISOs report an increase in third-party security incidents, only 15% claim to have full visibility into these risks.

These gaps are exacerbated by limited resources and technology stacks ill-equipped to handle dynamic supply-chain threats at scale.

Based on feedback from 200 CISOs of US-based companies, the 2026 Panorays CISO Survey sheds light on cybersecurity executives’ ongoing struggles to fortify software supply chain security. Resource constraints and inadequate tech stacks further hinder these efforts. Despite increased adoption, traditional Governance, Risk, and Compliance (GRC) platforms have largely disappointed security teams, leaving them without the necessary tools or confidence to effectively combat the growing wave of third-party threats.

Key Insights from the Survey

  • Preparedness is alarmingly low: While 77% of CISOs view third-party risk as a major threat, only 21% have tested crisis response plans in place. This indicates that organizations are increasingly vulnerable to prolonged outages, exposure of sensitive systems, financial losses in the event of a breach, and compliance violations. Without a solid response plan, even minor incidents could escalate into major crises.
  • Most organizations are unaware of their vendors: Despite 60% reporting an increase in third-party breaches, only 41% actively monitor risk beyond direct suppliers. CISOs face significant blind spots, as they focus primarily on visible risks while potential threats lurk in the background, unnoticed by many security teams.
  • Shadow AI poses new attack vectors: Despite rapid AI adoption, only 22% of CISOs have formal vetting processes, allowing unmanaged third-party AI tools to infiltrate core environments. The rapid adoption of black-box AI tools outpaces security teams’ ability to keep up, with 60% of respondents identifying shadow AI as a major risk. This creates a dangerous blind spot for CISOs, as high-risk third-party systems gain access to IT environments without adequate scrutiny.
  • CISOs express dissatisfaction with their compliance platforms: The report reveals that 61% of businesses have invested in GRC software solutions, yet 66% find these platforms ineffective in addressing the dynamic nature of external third-party supply chain risks. Consequently, security teams resort to manual workarounds, increasing the likelihood of overlooking vulnerabilities.
  • Traditional security assessments fall short: A consensus is emerging among CISOs, with 71% acknowledging that standard questionnaires do not provide sufficient insight into the threat landscape, leading to fatigue rather than clarity. Fortunately, CISOs are increasingly turning to AI-driven assessment tools, with 66% making the transition.

Left to right: Panorays Co-founders Meir Antar (COO), Matan Or-El (CEO) and Demi Ben-Ari (Chief Strategy Officer)

“Our findings indicate that third-party security vulnerabilities are on the rise, exacerbated by a lack of visibility and the uncontrolled adoption of AI tools,” stated Matan Or-El, founder and CEO of Panorays. “It’s concerning that only 15% of CISOs claim to have a comprehensive view of their supply chains.”

“The complexity of supply chains has increased with the proliferation of AI, expanding the attack surface of interconnected data-dependent systems,” Or-El added. “CISOs are recognizing the value of AI-driven solutions to enhance their understanding of evolving threats.”

Focus on Visibility, Yet Challenges Persist for CISOs

The latest report reveals a growing sense of urgency among CISOs, driven by the inadequacy of traditional GRC platforms in managing third-party risk at scale. Nearly two-thirds of organizations have invested in GRC tools, up from 27% in the previous year’s report, but overall visibility has decreased, leading to growing dissatisfaction with these systems.

However, there are signs of progress as more CISOs explore advanced AI-driven tools to enhance their security posture. Adoption of AI for third-party risk management has surged from 27% to 66% over the past year.

Organizations have made strides in assessing the third-party threat landscape, but there is still much work to be done. While 15% of CISOs now claim full visibility into their software supply chains, up from 3% in the previous year, the majority of organizations still lack a comprehensive view of their overall threat landscape.

About the Survey

The 2026 CISO Survey was conducted in October 2025 by Global Surveyz, an independent research firm, on behalf of Panorays. It gathered insights from 200 Chief Information Security Officers responsible for overseeing third-party cybersecurity risk management within their organizations. The survey included CISOs from various sectors such as finance, insurance, professional services, technology, healthcare, and software development.

About Panorays

Panorays is a global provider of third-party cybersecurity management software trusted by leading organizations in banking, insurance, financial services, and healthcare. Their personalized and adaptive third-party cyber risk management solutions help businesses proactively defend against emerging threats and implement actionable remediations. With over 1,000 customers worldwide, Panorays serves enterprise and mid-market clients in North America, the UK, and the EU. Headquartered in New York and Israel, Panorays is backed by international investors, including Aleph VC, Oak HC/FT, Greenfield Partners, BlueRed Partners, StepStone Group, Moneta VC, and industry veterans Amichai Shulman and Lane Bess. For more information, visit panorays.com or contact [email protected].

Contact

PR
Dan Edelstein
InboundJunction
[email protected]