Drata's Risk Trends Report

Third-Party Risk: The Universal Operational Challenge

Discover Why 83% of Companies Face Problems from Current TPRM Processes

Drata's Risk Trends Report showcases critical insights into the third-party risk management (TPRM) strategies of today's enterprises. Why download this research?

Understand the scope of third-party risks

Delve into the reasons why 80% of companies fear they lack full visibility into their third parties’ security postures

Access vital data and trends

Get detailed insights from a survey of 300 organizations on the challenges and opportunities in third-party risk management

Learn proactive risk management strategies

Discover how to address the gaps in your TPRM processes and move towards more automated and continuous risk and compliance solutions

Drata's Latest Research

Welcome to Drata's Risk Trends Report. This visual research report results from an enterprise-level analysis looking into a critical element of organizational risk: third parties.

In recent years there has been a significant rise in cybersecurity-related supply chain attacks, now even overtaking the damage done by malware. As part of that increase, there were 10 million people impacted by supply chain attacks that targeted 1,743 entities.

Drata developed a study designed to tap the pulse of commercial and enterprise organizations to determine what, if any, impact existing processes associated with managing third parties have on the business, how they are set to change in the next two years, and the level of risk associated with them.

Third-Party Risk: The Universal Operational Challenge

In this year’s report, we found that a lack of visibility into third parties, or Layered Risk, creates blind spots that make it nearly impossible to conduct an appropriate risk assessment for the modern perimeterless architecture that most businesses align with today.

As captured throughout the report, these blind spots result from a universal operational challenge that impacts nearly every business.

Inside the Report

The following takeaways identify the most impactful trends discussed in the report: 

Hours Managing Risk

Most (69%) enterprise companies spend 1,000 hours or more annually on managing risk.

Layered Risk

80% of companies fear they don’t have full visibility into their third parties’ security posture.

Lack of Resources

Over 2 in 5 don’t have the proper staff and resources to thoroughly screen third parties in a timely manner.

Priorities on The Horizon

Integrated risk management and complete visibility into third-party risk are top-ranked (64%) priorities.

The Process Is Broken

83% report they experienced negative consequences as a result of their current TPRM process.

Value in Continuous Visibility

Security professionals (65%) prefer to see third-party compliance on a monthly or continuous basis.

Drata's Risk Trends Report

Discover the latest trends and insights on risk and compliance based on input from established and enterprise companies. Drata's Compliance Trends report explores a universal operational challenge: Third-Party Risk.

About The Report

We worked with a third-party partner to survey 300 different organizations.

Surveyed companies consisted of high-tech, SaaS, fintech, and healthtech organizations.

We surveyed IT, cybersecurity, GRC, and related professionals at the director and above seniority.

The Latest Resources


New Resource: Complete Guide to Risk Management

Drata has released a new guide to walk you through the ins and outs of risk management and how it applies to compliance. Access the Complete Guide to Cybersecurity Risk Management to learn how to kickstart your risk management program.


Moving to a Proactive State of Compliance

Apart from being manual, traditional compliance's reactive nature can leave your organization at risk. Keep reading to learn how organizations are moving to proactive, continuous compliance.


How to Perform User Access Reviews

A user access review is a process that involves regularly reviewing access rights for a company’s employees and third-party vendors.

Automate Your Journey

Drata's platform experience is designed by security and compliance experts so you don't have to be one.


Easily integrate your tech stack with Drata.


Pre-map auditor validated controls.


Begin automating evidence collection.

Put Security & Compliance on Autopilot®

Close more sales and build trust faster while eliminating hundreds of hours of manual work to maintain compliance.