DENVER--(BUSINESS WIRE)--CyberGRX, provider of the most comprehensive third-party cyber risk management platform, today unveiled the world’s first cyber risk assessment exchange for sharing third-party security information. Built in partnership with chief security and risk officers from Aetna, Blackstone, MassMutual, ADP and other large companies with a combined network of more than 40,000 companies in their digital ecosystems, the CyberGRX Exchange brings together enterprises and their third parties and creates massive efficiency to a process that has largely been driven by sharing spreadsheets and trusting unvalidated self-assessments.
The combination of outsourcing, globalization and the digitization of business has created new security and resiliency risks that many businesses are just starting to address. Large companies often have tens of thousands of suppliers, vendors and affiliates, while even smaller, startup companies can have dozens of suppliers and vendors. According to PwC’s 2016 Global State of Information Security report, third-party contractors are the biggest source of security incidents outside of a company’s employees.
“Companies today need to approach third-party cyber risk as a business risk that needs to be continuously managed,” said Jim Routh, CSO at Aetna. “This requires a new approach, one that enables companies to understand where risks lie within their digital ecosystem, tailor their controls according to those risks, and collaborate with their third parties to remediate and mitigate those risks. The CyberGRX Exchange enables all companies to take this approach.”
The CyberGRX Exchange creates benefit for both enterprises and for third parties. It enables enterprises to know which of their third parties pose the most risk to their organizations at any time. It provides enterprises instant access to updated risk assessments and advanced analytics to identify, assess, mitigate and monitor third parties and empower collaborations that minimize risk. This allows existing security teams to shift from data collectors to risk managers.
The platform also benefits third parties. One of CyberGRX’s customers, a market-leading human capital management outsourcing provider, previously completed approximately 1,000 redundant security assessments per year with a dedicated staff of 50 professionals. Once assessed by CyberGRX, a third party’s dynamic assessment exists in the CyberGRX Exchange and can be pushed upstream to existing and new business partners. The unique “assess once, share with many” model maximizes efficiency, drives down costs and helps security move from a cost center to a business growth driver.
“The third-party cyber risk management market is being driven by the massive increase in outsourcing, greater regulatory scrutiny and the fact that over 50 percent of breaches involve a third party,” said Fred Kneip, CyberGRX CEO. “The inherent efficiency of the CyberGRX Exchange eliminates the waste in today’s approach - largely based on sharing spreadsheets - in a way no one in the market does. For the first time, companies will know which of their third parties pose the greatest risk to their organizations.”
How CyberGRX Benefits Enterprises and Third Parties
The CyberGRX Exchange is designed to make it simple and cost effective for enterprises to get up-to-date, comprehensive, one-click access to their third parties’ cyber risk assessments. It is purpose-built to transform companies’ third-party cyber risk management processes from a compliance-based to a risk management-based approach. For third parties, the CyberGRX Exchange is designed to make it easy to complete and share their updated cyber risk assessment with their upstream partners.
The CyberGRX Exchange delivers standardized assessments, actionable analytics, remediation management and real-time threat intelligence updates to enterprises and their third parties, enabling them to:
- Mitigate Risk: Enterprises can identify and mitigate risk across their entire digital ecosystem with actionable, risk-based analytics focused on real threat exposures. The threat-based model allows third parties to focus on top risks, rather than a compliance-driven checklist.
- Reduce Costs: The CyberGRX Exchange is a tiered offering with annual subscription rates significantly lower than the cost organizations are incurring today. By placing an up-to-date cyber risk assessment in the CyberGRX Exchange, third parties dramatically reduce the resources and spend associated with the vendor response process.
- Manage Complexity: For enterprises, the Risk-Assessment-as-a-Service model streamlines and automates processes as a “one-stop shop” for third-party cyber risk management. For third parties, the CyberGRX Exchange serves as an easy communication platform, allowing them to be assessed once and use the results across multiple customers and frameworks.
The CyberGRX Exchange is available immediately. For more information, please visit: https://www.cybergrx.com/.
CyberGRX provides the most comprehensive third-party cyber risk management platform to cost-effectively identify, assess, mitigate and monitor an enterprise’s risk exposure across its entire partner ecosystem. Through automation and advanced analytics, the CyberGRX solution enables enterprises to collaboratively mitigate threats presented from their increasing interdependency on vendors, partners and customers. CyberGRX is based in Denver, CO. For more information, visit www.cybergrx.com or follow @CyberGRX1 on Twitter.