CyberGRX, provider of the world’s first and largest global cyber risk exchange, announced the recent release of a groundbreaking new feature that provides users with immediate visibility into potential threats in their ecosystem: Auto Inherent Risk (AIR) insights.
As digital transformation and interconnected ecosystems continue to expand, effective third-party cyber risk management (TPCRM) is increasingly becoming a top priority for CISOs and Risk Managers.
CyberGRX AIR automates what was once a very time-consuming and manual task, so users can rapidly identify and prioritize the third parties that create the most risk and perform the appropriate level of due diligence on them. This is a critical first step to effectively manage third-party cyber risk.
“With hundreds to thousands of vendors, it is nearly impossible for organizations to know where to begin when it comes to third-party cyber risk management. Understanding inherent risk helps organizations create a prioritized TPCRM plan so they can start addressing their most risky vendors first,” said CyberGRX Chief Technology Officer, Marc Haverland.
“Even though this step has always been critical, identifying inherent risk involves a lot of tedious back and forth with business stakeholders to determine how those vendors are actually used. CyberGRX AIR provides this information in seconds by simply leveraging the existing data on our Exchange.”
Identifying how a third party is used enables organizations to determine the third party’s inherent risk, which is the raw or natural threat level in the absence of any security controls.
CyberGRX AIR automates this step by prepopulating eight inherent risk questions with crowdsourced data from the Exchange on how other companies use that vendor, or similar vendors.
Inherent risk not only helps organizations prioritize their third parties based on their potential risk, but it also informs the assessment process, validation, and analysis.
For example, if a third party has access to their customer’s data, the customer can assess whether the third party has the proper security controls in place to protect their data.
Regardless of whether CyberGRX users accept the automated results or edit them, the outcome is a rapid and prioritized TPCRM assessment strategy based on high, medium, and low risk vendors.
Armed with CyberGRX AIR insights, users can begin ordering appropriately tiered assessments. They are kept up to date throughout the due diligence process with a real-time progress tracker that brings enhanced visibility, clarity, and results-oriented insights to any organization’s TPCRM program when coupled with the Exchange.
Once third parties submit their data, customers receive a validated and prioritized view of the third party’s critical gaps and top risks within the five control groups: strategic, operational, core, management, and GDPR.
In addition, residual risk insights allow an organization to compare its third parties’ assessment results against other companies within its portfolio or the Exchange community. With the addition of AIR, CyberGRX now informs decision making throughout the entire TPCRM process.
“The latest features from CyberGRX have been tremendously helpful in enabling us to manage more of our third-party portfolio,” said Nicole Makinney, Third Party Risk Manager at McKesson.
“The new auto inherent risk feature allows us to work through more of our third parties with a prioritized assessment strategy and the progress tracker keeps me up to date on the status of our outstanding assessments without having to pester our assessment coordinator.
“This in turn has enabled me to escalate or send follow-ups to vendors as needed, provide timely updates to my business stakeholders, and inform my leadership of near real-time progress on high-profile assessments.”
Despite increasing awareness and concern for third-party cyber security, the missing factor in many of today’s TPCRM tools is the ability to produce insight that informs action and decision making.
CyberGRX’s comprehensive approach to TPCRM scales with customer needs while leveraging a community of users’ experiences, efforts, and shared data, bringing value to all TPCRM programs through informed decisions. And with over 35,000 companies on the Exchange, the community continues to get smarter and more secure.