
Our 2026 analysis of 515 US-based institutions mapped more than 105,000 vendor instances across 5,400 unique suppliers, revealing an ecosystem that is decentralized and increasingly difficult to govern.
The findings examine five factors that widen the third-party visibility gap: vendor sprawl, concentration risk, unique vendor risk, embedded AI exposure, and manual review lag. For cybersecurity leaders in higher education, this report shows why vendor assessments alone are no longer enough.