New York, NY, January 14th, 2026, CyberNewsWire
Panorays, a leading provider of third-party security risk management software, has released the 2026 edition of its annual CISO Survey for Third-Party Cyber Risk Management.
The survey highlights third-party cyber risk as one of the most significant challenges facing security leaders today, driven largely by a lack of visibility.
While 60% of CISOs report an increase in third-party security incidents, only 15% say they have full visibility into these risks.
These gaps are compounded by limited resources and technology stacks that weren’t designed to handle dynamic supply-chain threats at scale.
Drawing on responses from 200 CISOs of US-based companies, the 2026 Panorays CISO Survey puts a spotlight on cybersecurity executives’ continuing challenges to shore up software supply chain security, as these efforts are further undermined by resource constraints and tech stacks that fall short.
Despite growing adoption, standard Governance, Risk, and Compliance (GRC) platforms have largely failed security teams, leaving them without the ability or confidence needed to effectively manage the rising tide of third-party threats.
Key Findings and Insights
- Preparedness is dangerously low: While 77% of CISOs see third-party risk as a major threat, only 21% have tested crisis response plans in place. This means that organizations are increasingly susceptible to prolonged outages, exposure of sensitive systems and financial losses in the event of a security breach, as well as compliance violation penalties. Without a proper response plan in place, even minor incidents have the potential to spiral out of control.
- Most organizations are blind to vendors: Although 60% report rising third-party breaches, just 41% monitor risk beyond direct suppliers. CISOs face massive observability gaps, as they’re only watching the front door. But the biggest risks are lurking in the background, largely unseen by most security teams.
- Shadow AI is creating new attack paths: Despite rapid AI adoption, only 22% of CISOs have formal vetting processes, leaving unmanaged third-party AI tools embedded in core environments. Teams are adopting black-box AI tools faster than security teams can keep up, with 60% of respondents identifying shadow AI as uniquely risky. This creates a dangerous and growing blind spot for CISOs, as high-risk third-party systems are granted access to IT environments without scrutiny.
- CISOs are dissatisfied with their compliance stacks: The report found that 61% of businesses have invested in GRC software solutions, yet 66% say that these platforms are ineffective in dealing with the dynamic nature of external third-party supply chain risks. As a result, security teams are forced to rely on manual workarounds instead, increasing the likelihood of vulnerabilities being missed.
- Static security assessments are no longer up to the job: This is a growing consensus among CISOs, with 71% admitting that traditional questionnaires fall short of expectations, creating fatigue instead of visibility into the threat landscape. Fortunately, CISOs are quickly embracing alternatives, with 66% moving on to AI-driven assessment tools.
Left to right: Panorays Co-founders Meir Antar (COO), Matan Or-El (CEO) and Demi Ben-Ari (Chief Strategy Officer)
“Our findings show that third-party security vulnerabilities aren’t going away – in fact, they’re becoming more prevalent due to a dangerous lack of visibility and the rampant adoption of unmanaged AI tools,” said Matan Or-El, founder and CEO of Panorays.
“Meanwhile, it’s especially alarming that only 15% of CISOs say they have the ability to map out their entire supply chains.”
“The rise of AI has only made supply chains more complex, and the connected nature of these data-dependent systems is expanding the attack surface,” Or-El continued.
“CISOs are increasingly seeing the value of AI-driven solutions to increase clarity around the evolving threat landscape.”
Visibility Is Being Prioritized, but CISOs’ Hands Remain Tied
The new report found there is a growing sense of urgency among CISOs due to the failure of traditional GRC platforms to address third-party risk at scale.
Almost two-thirds of organizations have invested in GRC tools, up from just 27% in the 2025 version of Panorays’ report, yet overall visibility has declined, resulting in growing dissatisfaction about the ineffectiveness of these systems.
Fortunately, there are signs that organizations can close the visibility gap as more CISOs explore the use of advanced, AI-driven tools to improve their security posture. Adoption of AI for third-party risk management has surged, up from 27% a year ago to 66% this year.
This shift has led to significant, but still alarmingly insufficient, growth in the ability of organizations to properly assess the third-party threat landscape.
The 2026 survey found that 15% of CISOs now say they have full visibility into their software supply chains, up from just 3% a year ago, but much work remains to be done.
While the progress is encouraging, the overall picture remains bleak, as 85% of organizations still lack a complete view of their entire threat landscape.
About the Survey
The 2026 CISO Survey was conducted in October 2025 by the independent research company Global Surveyz on behalf of Panorays.
It’s based on responses from 200 Chief Information Security Officers, all of whom are full-time employees tasked with overseeing third-party cybersecurity risk management within their organizations.
The sample included CISOs from the finance, insurance, professional services, technology, healthcare and software development sectors.
About Panorays
Panorays is a global provider of third-party cybersecurity management software. Adopted by leading banking, insurance, financial services, and healthcare organizations, Panorays enables businesses to optimize their defenses for each unique third-party relationship.
With personalized and adaptive third-party cyber risk management, Panorays helps businesses stay ahead of emerging threats and delivers actionable remediations with strategic advantages with over 1,000 customers worldwide.
The company serves enterprise and mid-market customers primarily in North America, the UK and the EU. Headquartered in New York and Israel, with offices around the world, Panorays is funded by numerous international investors, including Aleph VC, Oak HC/FT, Greenfield Partners, BlueRed Partners (Singapore), StepStone Group, Moneta VC, Imperva Co-Founder Amichai Shulman and former CEO of Palo Alto Networks Lane Bess.
For more information, users can visit panorays.com or contact at [email protected].
Contact
PR
Dan Edelstein
InboundJunction
