CyberGRX applies machine learning to ‘transform third party cyber risk management’

Global risk exchange provider CyberGRX has launched the first in a series of predictive risk intelligence capabilities, the Predictive Risk Profile.

By leveraging standardised data within the Exchange platform and applying machine learning and data analytics, CyberGRX says it can now anticipate how individual third parties within a company’s vendor ecosystem will respond to a detailed security assessment questionnaire with an accuracy rate nearing 85 percent.

CyberGRX customers can use Predictive Risk Profiles to understand how individual vendors impact their cyber risk as well as to understand how they are viewed as a third party by their own customers.

“Third-party cyber risk management has been a tough nut to crack for many companies. This is largely because of the market misconception that having third parties complete risk assessments equals improved risk management. However, as recent events have shown, this is rarely the case,” said Fred Kneip (pictured), CEO at CyberGRX. “Since our inception, CyberGRX has been focused on creating a modern approach to third-party cyber risk management and proving to the industry that assessments are only a piece of the puzzle to help solve a larger problem. Predictive Risk Profiles will continue to propel the industry away from assessment-chasing to more effectively prioritising and managing third-party risk.”

With more than 130,000 companies on the Exchange and over 9,000 completed assessments, CyberGRX’s predictive risk assessment results are informed by its proprietary algorithm which analyses the data within the Exchange—collected from companies spanning multiple industries and geographies—along with firmographic information and outside-in scanning data from technology partners to produce a comprehensive predictive risk profile. From inherent and residual risk views, to mapping against common and customised frameworks, to providing control gap analysis using threat profiles and real-life cyber attack analytics, CyberGRX says its Predictive Risk Profile allows users to monitor and analyse third-party risk through the lens that matters most to them.

“With the difficulties managing third-party risks, CyberGRX's upstream sharing benefits both customers and service providers alike. Their new predictive risk intelligence capabilities are very interesting, and I was pleasantly surprised at how accurate it was compared to our validated results,” said Rory O'Connor, information security manager at Iron Mountain. “I hope more of our customers take advantage of CyberGRX’s predictive results, saving significant time and streamlining the third party risk management process.”

CyberGRX recently commissioned a  study conducted by Forrester Consulting that surveyed over 300 senior IT leaders and found that 95 percent of respondents claim their organisation experienced a strategy- or technology-based challenge in managing third-party risk. It said the results “made clear that the current approach to third-party cyber risk management is broken. First and third parties are not working together and many organisations’ third-party cyber risk management strategies still rely on solutions that use static spreadsheets or bespoke assessments”. It said that even when these assessments are collected, the data is not standardised, meaning little can be done with it from an analysis point of view.

“Data without insight is only noise. That’s why CyberGRX has collected the most comprehensive cyber risk data to provide these actionable insights,” said Frank Price, CPO at CyberGRX. “Our predictive risk intelligence capabilities will help customers understand where their critical and high risks are so they can prioritise their efforts accordingly. As a result, they’ll be able to lessen impact from attacks on third parties and mitigate risks quickly and efficiently.”

CyberGRX will be hosting two webinars in December to showcase Predictive Risk Profiles.

For Customers:  Manage Risk with Data Intelligence: A revolutionary approach to third-party cyber risk management

For Third Parties:  End the Assessment Chase: Take control of your cyber risk reputation with Predictive Risk Profiles

Did you get value from this story?  Sign up to our free daily newsletters and get stories like this sent straight to your inbox.