Solutions

Third-party Cyber Risk Assessment Utility

CyberGRX and Deloitte collaborate for the extended enterprise

Deloitte, with CyberGRX’s Exchange, helps clients manage their third-party cyber risk assessment processes—often manual and frequently out of date—to a cost effective and market leading utility. Governing, automating, and validating the extended enterprise ecosystem’s cyber risk assessments quickly optimizes third-party programs, creates efficiencies, and builds confidence in a digital world.

Join the conversation

The third-party network is expanding

Organizations are increasing their reliance on third parties—vendors, alliances, and service providers—to improve their competitiveness, accelerate time to market, and reduce operational costs. Whether through outsourcing core enterprise functions or adjacent functions that expand capabilities, using cloud providers and other managed services or forming alliances and joint ventures, the extended enterprise ecosystem is exponentially expanding.

But at what risk?

Customer, employee, third- and fourth-party data, intellectual property, and trade secrets may be exposed. We found that 74 percent faced at least one third-party-related incident in the last three years. And as many as one in five respondents have faced a complete third-party failure or an incident with major consequences in the last three years.

To build confidence, a better model is needed

Is your extended enterprise risk management (EERM) capability ready for an increasingly digital world? In Overcoming the threats and uncertainty, only 20 percent of organizations have integrated or optimized their EERM mechanisms—with others aspiring to do so within the next 1-3 years. A mere 11 percent of respondents indicated they are “fully prepared” to deal with the increased uncertainty in the external environment, while a significant majority (72 percent) are only “somewhat prepared.”

The threat of a third-party data security breach is real. Indeed the trend of a data security breach attributed to third parties is increasing at an alarming rate: 63 percent of companies having experienced a breach in 2016. And leading organizations recognize that EERM program maturity can’t wait.

It’s not only the potential for third-party incidents that bring risk. Organizations are using more and more third parties—at a rate of 20 percent each year. This is adding more pressure on time consuming and often manual third-party risk management processes. For many organizations lacking agility, this might be the barrier to engaging new third parties. As a result, they may be unable to keep pace and result in unintended consequences: eroding the organizations’ competitiveness, delaying time to market, or creating a backlog in operational transformation initiatives, among others.

How Deloitte and CyberGRX can help

Deloitte brings flexibility, resources, and reach to validate third-party assessments at a global scale—and at scale on the CyberGRX Exchange. Together we can help clients access Deloitte's world-class assessment capabilities to drive more efficient and effective assessments.

Our combined solutions provide enterprises with the ability to scale and adapt with a single solution that brings:

Cost mutualization. A common platform and standards bring a consistent approach in conducting third party risk assessments, which shares the expense across organizations and creates a cost effective execution model.
Efficiency. Using this model, there’s a reduced time to complete assessments and continued validation without incremental effort by either the enterprise or third party.
Standardization. By leveraging market, industry and regulatory standards, enterprises access a platform which validates compliance across the entire third-party extended enterprise ecosystem.

Deloitte and CyberGRX are changing the third-party cyber risk management paradigm. Together, we’re helping organizations shift resources that historically focused on point-in-time data collection and validation to a true third-party risk management approach via a shared platform.

Let's talk

If you’re interested in learning more, please contact us. We’d be happy to schedule a meeting with you and your team.

Suzanne Denton Managing Director \| Deloitte Risk & Financial Advisory Deloitte & Touche LLP +1 212 436 7601 Deloitte profile
Kevin Gallagher Managing Director \| Deloitte Risk & Financial Advisory Deloitte & Touche LLP +1 212 436 6072 Deloitte profile
Adam Thomas Principal \| Deloitte Risk & Financial Advisory Deloitte & Touche LLP +1 602 234 5172 Deloitte profile

Explore content

The third-party network
At what risk?
Building confidence
We can help
Let's talk

Join the conversation

Viewing offline content

Tax

Consulting

Audit & Assurance

Deloitte Private

M&A and Restructuring

Risk & Financial Advisory

AI & Analytics

Cloud

Diversity, Equity & Inclusion

Consumer

Energy, Resources & Industrials

Financial Services

Government & Public Services

Life Sciences & Health Care

Technology, Media & Telecommunications

Spotlight

Topics

Industries

More from Deloitte Insights

Careers

Students

Experienced Professionals

Job Search

Life at Deloitte

Alumni Relations

Third-party Cyber Risk Assessment Utility

CyberGRX and Deloitte collaborate for the extended enterprise

Explore content

The third-party network is expanding

But at what risk?

To build confidence, a better model is needed

How Deloitte and CyberGRX can help

Let's talk

Explore content

Recommendations

2017 extended enterprise risk management global survey report

A digital path to third-party ecosystem oversight

Viewing offline content

Third-party Cyber Risk Assessment Utility

CyberGRX and Deloitte collaborate for the extended enterprise

Explore content

The third-party network is expanding

But at what risk?

To build confidence, a better model is needed

How Deloitte and CyberGRX can help

Let's talk

Latest news from @DeloitteRiskFin

Sharing insights, events, research, and more

Explore content

Recommendations