Third-party Cyber Risk Assessment Utility

CyberGRX and Deloitte collaborate for the extended enterprise

Deloitte, with CyberGRX’s Exchange, helps clients transition their third-party cyber risk assessment processes—often manual and frequently out of date—to a cost-effective and market-leading utility. Governing, automating, and validating the extended enterprise ecosystem’s cyber risk assessments quickly optimises third-party programs, creates efficiencies, and builds confidence in a digital world.

The third-party network is expanding

Organisations are increasing their reliance on third parties—vendors, alliances, and service providers—to improve their competitiveness, accelerate time to market, and reduce operational costs. Whether through outsourcing core enterprise functions or adjacent functions that expand capabilities, using cloud providers and other managed services, or forming alliances and joint ventures, the extended enterprise ecosystem is exponentially expanding.

But at what risk?

Customer, employee, third- and fourth-party data, intellectual property, and trade secrets may be exposed. We found that 74 percent of respondents faced at least one third-party-related incident in the last three years. And as many as one in five respondents have faced a complete third-party failure or an incident with major consequences in the last three years.

To build confidence, a better model is needed

Is your extended enterprise risk management (EERM) capability ready for an increasingly digital world? In Overcoming the threats and uncertainty, only 20 percent of organisations have integrated or optimised their EERM mechanisms—with others aspiring to do so within the next 1-3 years. A mere 11 percent of respondents indicated they are “fully prepared” to deal with the increased uncertainty in the external environment, while a significant majority (72 percent) are only “somewhat prepared.”

The threat of a third-party data security breach is real. Indeed, the trend of data security breaches attributed to third parties is increasing at an alarming rate, with 63 percent of companies having experienced a breach in 2016. And leading organisations recognise that EERM program maturity can’t wait.

It’s not only the potential for third-party incidents that brings risk. Organisations are using more and more third parties—at a rate of 20 percent each year. This is adding more pressure on time-consuming and often manual third-party risk management processes. For many organisations lacking agility, this might be the barrier to engaging new third parties. As a result, they may be unable to keep pace, with unintended consequences: eroding the organisations’ competitiveness, delaying time to market, or creating a backlog in operational transformation initiatives, among others.

CyberGRX Sees Massive Success Marking First Year Down Under

In a recent press release, CyberGRX indicated that increased regulations and enterprise reliance on vendor relationships are leading more Australian companies toward innovative approaches for reducing third-party cyber risk. In just one year, the Australian market has come to represent 15% of CyberGRX’s global revenue, and the number of third parties ingested from Australian customers already makes up 14% of the CyberGRX Exchange.

“Third-party cyber risk management is now essential for all businesses. However, the traditional ways of managing vendor risks are cumbersome and inefficient for all concerned. The CyberGRX platform model solves for this with a unique set of tools, visualization and analytics that provides ongoing cyber risk insight, and its 2-sided marketplace benefits both the requestor and requestee, removing significant duplication and delivery challenges. It is an innovative and disruptive eco-system that Deloitte is excited to be sharing with our clients,” said Tommy Viljoen, Partner, Cyber Risk Services, Deloitte.

For further information see the press release.

How Deloitte and CyberGRX can help

Deloitte brings flexibility, resources, and reach to validate third-party assessments at a global scale—and at scale on the CyberGRX Exchange. Together we can help clients access Deloitte's world-class assessment capabilities to drive more efficient and effective assessments.

Our combined solutions provide enterprises with the ability to scale and adapt with a single solution that brings:

  • Cost mutualisation. A common platform and standards bring a consistent approach to conducting third-party risk assessments, which shares the expense across organisations and creates a cost-effective execution model.
  • Efficiency. Using this model, there’s a reduced time to complete assessments and continued validation without incremental effort by either the enterprise or third party.
  • Standardisation. By leveraging market, industry and regulatory standards, enterprises access a platform which validates compliance across the entire third-party extended enterprise ecosystem.

Deloitte and CyberGRX are changing the third-party cyber risk management paradigm. Together, we’re helping organisations shift resources that historically focused on point-in-time data collection and validation to a true third-party risk management approach via a shared platform.

Contact us

Tommy Viljoen

Partner, Risk Advisory

Tommy leads the cyber risk services strategy and governance team based in Sydney and has over 30 years’ experience in information technology, IT risk and cyber security governance across a broad range...

Ian Blatchford

Partner, Risk Advisory

Ian leads Deloitte’s Cyber business in Australia. He has 20 years of experience delivering technology and cyber projects to clients across the world. Ian has worked with a number of global organisatio...