CyberGRX has unveiled a cyber-risk assessment exchange for sharing third-party security information.
Built in partnership with chief security and risk officers from Aetna, Blackstone, MassMutual, ADP and other large companies, with a combined network of more than 40,000 companies in their digital ecosystems, the CyberGRX Exchange brings together enterprises and their third parties and brings massive efficiency to a process that has largely been driven by sharing spreadsheets and trusting unvalidated self-assessments.
The combination of outsourcing, globalization and the digitization of business has created new security and resiliency risks that many businesses are just starting to address. Large companies often have tens of thousands of suppliers, vendors and affiliates, while even smaller, startup companies can have dozens of suppliers and vendors. According to PwC’s 2016 Global State of Information Security report, third-party contractors are the biggest source of security incidents outside of a company’s employees.
“Companies today need to approach third-party cyber risk as a business risk that needs to be continuously managed,” said Jim Routh, CSO at Aetna. “This requires a new approach, one that enables companies to understand where risks lie within their digital ecosystem, tailor their controls according to those risks, and collaborate with their third parties to remediate and mitigate those risks. The CyberGRX Exchange enables all companies to take this approach.”
The CyberGRX Exchange benefits both enterprises and third parties. It enables enterprises to know which of their third parties pose the most risk to their organizations at any time. It gives enterprises instant access to updated risk assessments and advanced analytics to identify, assess, mitigate and monitor third parties, and it empowers collaborations that minimize risk. This allows existing security teams to shift from data collectors to risk managers.
The platform also benefits third parties. One of CyberGRX’s customers, a market-leading human capital management outsourcing provider, previously completed approximately 1,000 redundant security assessments per year with a dedicated staff of 50 professionals. Once assessed by CyberGRX, a third party’s dynamic assessment exists in the CyberGRX Exchange and can be pushed upstream to existing and new business partners. The unique “assess once, share with many” model maximizes efficiency, drives down costs and helps security move from a cost center to a business growth driver.
“The third-party cyber risk management market is being driven by the massive increase in outsourcing, greater regulatory scrutiny and the fact that over 50 percent of breaches involve a third party,” said Fred Kneip, CyberGRX CEO. “The inherent efficiency of the CyberGRX Exchange eliminates the waste in today’s approach – largely based on sharing spreadsheets – in a way no one in the market does. For the first time, companies will know which of their third parties pose the greatest risk to their organizations.”