The Good Tech Companies - 2026 Study from Panorays: 85% of CISOs Can’t See Third-Party Threats Amid Increasing Supply Chain At

Episode Date: January 14, 2026

This story was originally published on HackerNoon at: https://hackernoon.com/2026-study-from-panorays-85percent-of-cisos-cant-see-third-party-threats-amid-increasing-supply-chain-at.... This story was written by: @cybernewswire. Panorays has released the 2026 edition of its annual CISO Survey for Third-Party Cyber Risk Management. The survey highlights third-party cyber risk as one of the most critical challenges facing security leaders today. Only 15% of CISOs say they have full visibility into those risks.

Transcript
Starting point is 00:00:00 This audio is presented by HackerNoon, where anyone can learn anything about any technology. 2026 study from Panorays: 85% of CISOs can't see third-party threats amid increasing supply chain at, by Cyber Newswire. New York, New York, January 14, 2026, Cyber Newswire. Panorays, a leading provider of third-party security risk management software, has released the 2026 edition of its annual CISO Survey for Third-Party Cyber Risk Management. The survey highlights third-party cyber risk as one of the most critical challenges facing security leaders today, driven largely by a lack of visibility. While 60% of CISOs report an increase in third-party security incidents, only 15% say they have full visibility into those risks. These gaps are compounded by limited resources and technology stacks that weren't designed to manage dynamic supply chain threats at scale. Drawing on responses from 200 CISOs of U.S.-based companies, the 2026 Panorays CISO Survey
Starting point is 00:01:01 puts a spotlight on cybersecurity executives' continuing challenge to shore up software supply chain security, as these efforts are further undermined by resource constraints and tech stacks that fall short. Despite growing adoption, standard governance, risk, and compliance (GRC) platforms have largely failed security teams, leaving them without the ability or confidence needed to effectively address the rising tide of third-party threats. Key findings and insights. Preparedness is dangerously low: while 77% of CISOs see third-party risk as a major threat, only 21% have tested crisis response plans in place. This suggests that organizations are increasingly susceptible to prolonged outages, exposure of sensitive systems and financial losses in the event of a security breach,
Starting point is 00:01:48 as well as compliance violation penalties. Without a proper response plan in place, even minor incidents have the potential to spiral out of control. Most organizations are blind to vendors: although 60% report rising third-party breaches, just 41% monitor risk beyond direct suppliers. CISOs face massive observability gaps, as they're only watching the front door. But the biggest risks are lurking in the background, largely unseen by most security teams. Shadow AI is creating new attack paths. Despite rapid AI adoption, only 22% of CISOs have formal vetting processes, leaving unmanaged third-party AI tools embedded in core environments. Teams are adopting black-box AI tools faster than security teams can keep up, with 60% of
Starting point is 00:02:35 respondents identifying shadow AI as uniquely risky. This creates a dangerous and growing blind spot for CISOs, as high-risk third-party systems are granted access to IT environments without scrutiny. CISOs are dissatisfied with their compliance stacks. The report found that 61% of businesses have invested in GRC software solutions, yet 66% say that these platforms are ineffective in dealing with the dynamic nature of external third-party supply chain risks. As a result, security teams are forced to rely on manual workarounds instead, increasing the likelihood of vulnerabilities being missed. Static security assessments are no longer up to the job. This is a growing consensus among CISOs, with 71% admitting that traditional questionnaires fall short of expectations, creating fatigue instead
Starting point is 00:03:23 of visibility into the threat landscape. Fortunately, CISOs are quickly embracing alternatives, with 66% moving on to AI-driven assessment tools. Left to right, Panorays co-founders Meir Antar, COO, Matan Or-El, CEO, and Demi Ben-Ari, chief strategy officer. "Our findings show that third-party security vulnerabilities aren't going away, in fact, they're becoming more prevalent due to a dangerous lack of visibility and the rampant adoption of unmanaged AI tools," said Or-El, founder and CEO of Panorays. Meanwhile, it's especially alarming that only 15% of CISOs say they have the ability to map out their entire supply chains. "The rise of AI has only made supply chains more complex, and the connected nature of these data-dependent systems is
Starting point is 00:04:10 expanding the attack surface," Or-El continued. CISOs are increasingly seeing the value of AI-driven solutions to increase clarity around the evolving threat landscape. Visibility is being prioritized, but CISOs' hands remain tied. The new report found there's a growing sense of urgency among CISOs due to the failure of traditional GRC platforms to manage third-party risk at scale. Almost two-thirds of organizations have invested in GRC tools, up from just 27% in the 2025 version of Panorays' report, yet overall visibility has declined, resulting in growing dissatisfaction about the ineffectiveness of these systems. Fortunately, there are signs that organizations can close the visibility gap as more CISOs explore the use of advanced AI-driven tools to improve their security posture.
Starting point is 00:04:57 Adoption of AI for third-party risk management has surged, up from 27% a year ago to 66% this year. This shift has led to significant, but still alarmingly insufficient, growth in the ability of organizations to properly assess the third-party threat landscape. The 2026 survey found that 15% of CISOs now say they have full visibility into their software supply chains, up from just 3% a year ago, but much work remains to be done. While the progress is encouraging, the overall picture remains bleak, as 85% of organizations still lack a complete view of their overall threat landscape. About the survey: the 2026 CISO Survey was conducted in October 2025
Starting point is 00:05:39 by the independent research company Global Surveys on behalf of Panorays. It's based on responses from 200 chief information security officers, all of whom are full-time employees tasked with overseeing third-party cybersecurity risk management within their organizations. The sample included CISOs from the finance, insurance, professional services, technology, healthcare and software development sectors. About Panorays: Panorays is a global provider of third-party cybersecurity management software. Adopted by leading banking, insurance, financial services, and healthcare organizations,
Starting point is 00:06:14 Panorays enables businesses to optimize their defenses for each unique third-party relationship. With personalized and adaptive third-party cyber risk management, Panorays helps businesses stay ahead of emerging threats and delivers actionable remediations with strategic advantages with over 1,000 customers worldwide. The company serves enterprise and mid-market customers primarily in North America, the UK and the EU, headquartered in New York and Israel, with offices around the world. Panorays is funded by numerous international investors, including Aleph VC, Oak HC/FT, Greenfield Partners, BlueRed Partners (Singapore), StepStone Group, Moneta VC, Imperva co-founder Amichai Shulman and former CEO of
Starting point is 00:06:57 Palo Alto Networks Lane Bess. For more information, users can visit panorays.com or contact info@panorays.com. Contact: PR, Dan Edelstein, InboundJunction, pr@inboundjunction.com. This story was published as a press release by Cyber Newswire under HackerNoon Business Blogging Program. Do your own research before making any financial decision. Thank you for listening to this HackerNoon story, read by artificial intelligence. Visit hackernoon.com to read, write, learn and publish.
