Nearly three in ten UK organisations don’t trust their third-party vendors to manage critical risks, according to research conducted by cyber consultancy CyXcel. The findings suggest firms are outsourcing high-stakes responsibilities without the internal visibility needed to assess vendor capability, thereby increasing vulnerability.
Of those surveyed, 27% of cyber risk professionals said they could not confidently trust vendors to manage their most critical threats. At the same time, 28% admitted they don’t fully understand the risks they’re responsible for managing – making effective vendor evaluation difficult.
Nearly a quarter of the 400 respondents to CyXcel's research said they feel overwhelmed by the complexity and volume of threats they face. The problem is most acute in cyber incident response and artificial intelligence.
“We see this pattern again and again,” said Ngaire Guzzetti, technical director, supply chain at CyXcel. “Organisations are handing over the keys to their digital resilience but don’t have the internal visibility to know if those partners are steering in the right direction. Risk managers are drowning in complexity yet leaving the handling of the lifeboat to vendors they barely trust. Resilience doesn’t start with spend – it starts with clarity. The more you understand the threat, the better equipped you are to evaluate who should be helping you manage it.”