CyberGRX, a third-party cyber-risk management platform provider, recently unveiled a first-of-its-kind cyber risk assessment exchange for sharing third-party security information.
Built in partnership with chief security and risk officers from Aetna, Blackstone, MassMutual, ADP and other large companies with a combined network of more than 40,000 companies in their digital ecosystems, the CyberGRX Exchange brings together enterprises and their third parties and creates massive efficiency to a process that has largely been driven by sharing spreadsheets and trusting unvalidated self-assessments.
The CyberGRX Exchange creates benefit for both enterprises and for third parties. It enables enterprises to know which of their third parties pose the most risk to their organizations at any time. It provides enterprises instant access to updated risk assessments and advanced analytics to identify, assess, mitigate and monitor third parties and empower collaborations that minimize risk. This allows existing security teams to shift from data collectors to risk managers.
The platform also benefits third parties. One of CyberGRX’s customers, a market-leading human capital management outsourcing provider, previously completed approximately 1,000 redundant security assessments per year with a dedicated staff of 50 professionals. Once assessed by CyberGRX, a third party’s dynamic assessment exists in the CyberGRX Exchange and can be pushed upstream to existing and new business partners. The unique “assess once, share with many” model maximizes efficiency, drives down costs and helps security move from a cost center to a business growth driver.
The CyberGRX Exchange is designed to make it simple and cost effective for enterprises to get up-to-date, comprehensive, one-click access to their third parties’ cyber risk assessments. It is purpose-built to transform companies’ third-party cyber risk management processes from a compliance-based to a risk management-based approach. For third parties, the CyberGRX Exchange is designed to make it easy to complete and share their updated cyber risk assessment with their upstream partners.
The CyberGRX Exchange delivers standardized assessments, actionable analytics, remediation management and real-time threat intelligence updates to enterprises and their third parties, enabling them to:
Mitigate risk: Enterprises can identify and mitigate risk across their entire digital ecosystem with actionable, risk-based analytics focused on real threat exposures. The threat-based model allows third parties to focus on top risks, rather than a compliance-driven checklist.
Reduce costs: The CyberGRX Exchange is a tiered offering with annual subscription rates significantly lower than the cost organizations are incurring today. By placing an up-to-date cyber risk assessment in the CyberGRX Exchange, third parties dramatically reduce the resources and spend associated with the vendor response process.
Manage complexity: For enterprises, the Risk-Assessment-as-a-Service model streamlines and automates processes as a “one-stop shop” for third-party cyber risk management. For third parties, the CyberGRX Exchange serves as an easy communication platform, allowing them to be assessed once and use the results across multiple customers and frameworks.
The CyberGRX Exchange is available immediately.