Third-party Cyber Risk Assessment Utility

CyberGRX and Deloitte collaborate for the extended enterprise

Deloitte, with CyberGRX’s Exchange, helps clients move their third-party cyber risk assessment processes, often manual and frequently out of date, to a cost-effective and market-leading utility. Governing, automating, and validating the extended enterprise ecosystem’s cyber risk assessments quickly optimizes third-party programs, creates efficiencies, and builds confidence in a digital world.

The third-party network is expanding

Organizations are increasing their reliance on third parties—vendors, alliances, and service providers—to improve their competitiveness, accelerate time to market, and reduce operational costs. Whether through outsourcing core enterprise functions or adjacent functions that expand capabilities, using cloud providers and other managed services or forming alliances and joint ventures, the extended enterprise ecosystem is exponentially expanding.

But at what risk?

Customer, employee, third- and fourth-party data, intellectual property, and trade secrets may be exposed. We found that 74 percent faced at least one third-party-related incident in the last three years. And as many as one in five respondents have faced a complete third-party failure or an incident with major consequences in the last three years.

To build confidence, a better model is needed

Is your extended enterprise risk management (EERM) capability ready for an increasingly digital world? In "Overcoming the threats and uncertainty," only 20 percent of organizations have integrated or optimized their EERM mechanisms, with others aspiring to do so within the next 1-3 years. A mere 11 percent of respondents indicated they are “fully prepared” to deal with the increased uncertainty in the external environment, while a significant majority (72 percent) are only “somewhat prepared.”

The threat of a third-party data security breach is real. Indeed, the trend of data security breaches attributed to third parties is increasing at an alarming rate: 63 percent of companies experienced a breach in 2016. And leading organizations recognize that EERM program maturity can’t wait.

It’s not only the potential for third-party incidents that brings risk. Organizations are using more and more third parties, at a rate of 20 percent each year. This adds pressure to time-consuming and often manual third-party risk management processes. For many organizations lacking agility, this might be the barrier to engaging new third parties. As a result, they may be unable to keep pace, with unintended consequences: eroding the organization’s competitiveness, delaying time to market, or creating a backlog in operational transformation initiatives, among others.

How Deloitte and CyberGRX can help

Deloitte brings flexibility, resources, and reach to validate third-party assessments at a global scale—and at scale on the CyberGRX Exchange. Together we can help clients access Deloitte's world-class assessment capabilities to drive more efficient and effective assessments.

Our combined solutions provide enterprises with the ability to scale and adapt with a single solution that brings:

  • Cost mutualization. A common platform and standards bring a consistent approach to conducting third-party risk assessments, which shares the expense across organizations and creates a cost-effective execution model.
  • Efficiency. Using this model, there’s a reduced time to complete assessments and continued validation without incremental effort by either the enterprise or third party.
  • Standardization. By leveraging market, industry and regulatory standards, enterprises access a platform which validates compliance across the entire third-party extended enterprise ecosystem.

Deloitte and CyberGRX are changing the third-party cyber risk management paradigm. Together, we’re helping organizations shift resources that historically focused on point-in-time data collection and validation to a true third-party risk management approach via a shared platform.

Let's talk

If you’re interested in learning more, please contact us. We’d be happy to schedule a meeting with you and your team.

D. Scott Gauch
Principal | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP
+1 201 499 0605

Ed Powers
US Managing Principal | Cyber Risk Services
Deloitte & Touche LLP
+1 201 499 0605