2025 Key considerations in third-party security

Third-party security is no longer a back-office function; it is a strategic discipline that shapes enterprise resilience.

Third-party security has become a critical component of enterprise risk management, playing a more central and strategic role in 2025. As organizations continue to rely on vendors and services, the nature of risk is evolving, introducing new challenges that traditional oversight models weren't designed to address.

From AI-driven services to quantum-era threats, emerging technologies are introducing new risks and regulatory pressures that demand new approaches. Some of the key drivers for integrating third-party security (TPS) within third-party risk management (TPRM) and the broader organization are:

1. Regulatory pressure: DORA and NIS2

New EU regulations, such as DORA and NIS2, are reshaping how organizations manage third-party risk, emphasizing accountability, resilience, and continuous oversight.

2. Using AI to drive efficient and effective third-party security

AI is being leveraged to improve third-party security by automating manual tasks, predicting breach risk, and detecting anomalies in vendor behavior.

3. Securing against third-party AI risk

As vendors embed AI into their products and services, organizations are inheriting new risks related to privacy, ethics, and operations. Leading organizations are evaluating how AI is used by their vendors and implementing controls to mitigate these risks.

4. Third-party quantum risk

The emergence of quantum computing poses a significant threat to third-party security, particularly for sensitive data that must remain confidential over a long period. Organizations must assess their vendors' readiness for post-quantum cryptography.

5. Continuous monitoring and oversight

Traditional third-party programs have relied on scheduled assessments, but as third-party environments evolve rapidly, that cadence is becoming inadequate. Leading organizations are adopting continuous monitoring to surface emerging risks and trigger early intervention.

6. Cross-functional governance and alignment

Effective third-party security requires collaboration across functions, including procurement, IT, legal, and security. Leading organizations are establishing cross-functional governance to evaluate vendors holistically and align third-party security with broader enterprise risk strategy.


To learn more about these critical themes and how your organization can stay ahead, download the full KPMG thought leadership piece.


Meet the team

Diana Keele, Managing Director, Cyber Security Services, KPMG US

Chetan Gavankar, Principal, Advisory, Cyber Security, KPMG US
