CyberGRX launched the first in a series of predictive risk intelligence capabilities, the Predictive Risk Profile.
By leveraging standardized data within the Exchange platform and applying advanced machine learning and data analytics, CyberGRX can now anticipate how individual third parties within a company’s vendor ecosystem will respond to a detailed security assessment questionnaire with an accuracy rate nearing 85%. CyberGRX customers can use Predictive Risk Profiles to understand how individual vendors impact their cyber risk as well as to understand how they are viewed as a third party by their own customers.
“Third-party cyber risk management has been a tough nut to crack for many companies. This is largely because of the market misconception that having third parties complete risk assessments equals improved risk management. However, as recent events have shown, this is rarely the case,” said Fred Kneip, CEO at CyberGRX. “Since our inception, CyberGRX has been focused on creating a modern approach to third-party cyber risk management and proving to the industry that assessments are only a piece of the puzzle to help solve a larger problem. Predictive Risk Profiles will continue to propel the industry away from assessment-chasing to more effectively prioritizing and managing third-party risk.”
With more than 130,000 companies on the Exchange and over 9,000 completed assessments, CyberGRX has unparalleled depth and breadth of cyber risk data unattainable by other solutions in the market. Predictive risk assessment results are informed by CyberGRX’s proprietary algorithm which analyzes the data within the Exchange—collected from companies spanning multiple industries and geographies—along with firmographic information and outside-in scanning data from technology partners to produce a comprehensive Predictive Risk Profile.
From inherent and residual risk views, to mapping against common and customized frameworks, to providing control gap analysis using threat profiles and real-life cyber attack analytics, CyberGRX’s Predictive Risk Profile allows users to monitor and analyze third-party risk through the lens that matters most to them.
“With the difficulties managing third-party risks, CyberGRX’s upstream sharing benefits both customers and service providers alike. Their new predictive risk intelligence capabilities are very interesting, and I was pleasantly surprised at how accurate it was compared to our validated results,” said Rory O’Connor, Information Security Manager at Iron Mountain. “I hope more of our customers take advantage of CyberGRX’s predictive results, saving significant time and streamlining the third party risk management process.”
CyberGRX recently commissioned a study conducted by Forrester Consulting that surveyed over 300 senior IT leaders and found that 95% of respondents claim their organization experienced a strategy- or technology-based challenge in managing third-party risk. The results made clear that the current approach to third-party cyber risk management is broken.
First and third parties are not working together and many organizations’ third-party cyber risk management strategies still rely on solutions that use static spreadsheets or bespoke assessments. And, even when these assessments are collected, the data is not standardized, meaning little can be done with it from an analysis point of view.
“Data without insight is only noise. That’s why CyberGRX has collected the most comprehensive cyber risk data to provide these actionable insights,” said Frank Price, CPO at CyberGRX. “Our Predictive Risk Intelligence capabilities will help customers understand where their critical and high risks are so they can prioritize their efforts accordingly. As a result, they’ll be able to lessen impact from attacks on third parties and mitigate risks quickly and efficiently.”