Ninety-five percent of procurement organizations can see their Tier-1 suppliers. Only 42% can see Tier-2. The gap is not a technology problem. It is an organizational design problem that leaves most supply chains vulnerable to disruptions nobody is watching for.
The numbers come from McKinsey's 2025 Supply Chain Risk Pulse and EcoVadis's 2024 Sustainable Procurement Barometer. They tell a story most CPOs already sense: your supply chain map ends at the suppliers you pay directly. Everything below that is a blank spot — and the blank spots are where disruptions start.
The visibility cliff: why Tier-2 data stops where it matters most
Tier-2 visibility improved by 22 percentage points between 2023 and 2025, driven by tariff exposure and compliance mandates. That sounds like progress. But the baseline was so low — roughly 20% — that a 22-point gain still leaves 58% of the supply base invisible.
What causes the cliff? Three structural forces. First, procurement organizations are structured around spend categories, not supply networks. A category manager owns the relationship with the Tier-1 aluminum supplier but has no mandate — and no budget — to map that supplier's bauxite sources. Second, supplier contracts rarely include sub-tier disclosure requirements. Third, even when disclosure clauses exist, they go unenforced because nobody owns the verification process.
"Visibility into Tier-2 increased 22 percentage points from 2023 to 2025, driven by tariff and compliance pressures."
— McKinsey Supply Chain Risk Pulse, 2025
The failure mode: single-tier risk registers create fake confidence
A Tier-1 supplier with a green risk score can sit on top of a Tier-2 supplier that is three weeks from bankruptcy. The scorecard looks clean. The supply chain is not.
Network-science research on supply chains identifies a specific failure pattern: cascading disruptions propagate through the network along paths that single-tier risk assessments cannot detect. A Tier-3 chemical plant shutdown in China affects a Tier-2 resin supplier in Germany, which affects four different Tier-1 component manufacturers — and procurement teams see four simultaneous "unexpected" shortages with no common cause.
The four-stage maturity model for multi-tier visibility
Organizations do not go from 42% Tier-2 visibility to full network mapping in one step. The progression follows a predictable sequence — and most teams stall at stage 2.
The stall at stage 2 happens because survey-based approaches create the illusion of coverage without delivering reliable data. A Tier-1 supplier that ignores the survey or provides incomplete responses still shows up as "surveyed" in the dashboard. The metric moves. The risk does not.
What good looks like: contractual mandates and network modeling
The organizations that have broken through the 42% ceiling combine two things: contractual sub-tier disclosure requirements and third-party data enrichment. Neither works alone.
Contractual mandates — clauses requiring Tier-1 suppliers to report their own critical suppliers, updated quarterly — provide the legal foundation. But without automated verification, the data decays. Third-party platforms that aggregate supplier network data from trade records, certifications, and public filings fill the gap by cross-referencing self-reported data against external sources.
At the most advanced level, organizations are adopting graph-based risk models. These treat the supply network as a mathematical graph, measuring node centrality to identify suppliers whose failure would cascade, and simulating disruption propagation paths. A supply chain risk model built on centrality analysis surfaced a Tier-3 chemical supplier that served 14 different Tier-1 relationships across three business units — a concentration risk invisible to any single category manager.
What this means in practice
- Audit your current Tier-2 coverage. Count how many of your Tier-1 suppliers have documented sub-tier suppliers. If the number is under 50%, you are in the majority — and that is not a good thing. Target 80% within 12 months.
- Add sub-tier disclosure to your standard contract template. Require Tier-1 suppliers to report their critical Tier-2 suppliers quarterly. Include audit rights and consequences for non-compliance. This costs nothing to add to new contracts.
- Run a network centrality analysis on your top 20 suppliers. A manual exercise: map which of your Tier-1 suppliers share common Tier-2 or Tier-3 sources. Flag any Tier-2 supplier serving more than three of your Tier-1 relationships as a concentration risk.
- Pilot a third-party data platform for one category. Pick the category with the highest supply disruption risk. Run a 90-day pilot with a platform that aggregates sub-tier data. Measure how many new Tier-2 suppliers you identify versus your existing map.
- Assign ownership. Multi-tier visibility fails when it is everyone's job and nobody's metric. Designate one person — even part-time — to own sub-tier mapping. Tie their performance review to Tier-2 coverage percentage.
What percentage of procurement teams have visibility into Tier-2 suppliers?
McKinsey's 2025 Supply Chain Risk Pulse found that 95% of firms have visibility into Tier-1 suppliers, but only 42% have visibility into Tier-2 or beyond. EcoVadis data shows only 25% of organizations have more than 50% visibility into their Tier-2 suppliers.
Why is Tier-2 supplier visibility important for risk management?
Tier-2 and Tier-3 suppliers are where most supply disruptions originate — from raw material shortages to quality failures and regulatory violations. Without visibility below Tier 1, procurement teams cannot detect cascading failure risks. Network-based risk models show that a single Tier-3 disruption can propagate through the supply chain in days, affecting multiple Tier-1 suppliers simultaneously.
What are the best approaches for mapping Tier-2 and Tier-3 suppliers?
Leading organizations combine three approaches: supplier self-disclosure mandates (contractual requirement to report sub-tier suppliers), third-party data platforms that aggregate supplier network data, and graph-based risk modeling that maps centrality and cascading failure paths across the supply network.