Key Findings and Insights Preparedness is dangerously low: While 77% of CISOs see third-party risk as a major threat, only 21% have tested crisis response plans in place. Most organizations are blind to vendors: Although 60% report rising third-party breaches, just 41% monitor risk beyond direct suppliers. Shadow AI is creating new attack paths: Despite rapid AI adoption, only 22% of CISOs have formal vetting processes, leaving unmanaged third-party AI tools embedded in core
