Right size your
TPRM program.

See your risks across your entire third-party portfolio, then use your findings to determine which third parties need deeper evaluation. CyberGRX helps you save time, money, and improve your TPRM effectiveness. 

Plans start at $50,000 - Get a quote from one of our TPRM advisors.

“CyberGRX has moved our program from a volume driven assessment program to a risk-based third-party program. We have seen a 5X improvement into seeing vendor risk insights at ⅓ of the price.”

We take the risk out of third-party risk management.

  • Flat-rate pricing based on your portfolio size.
  • Smart-risk ranking that reveals your biggest risks.
  • Predictive data and continuous monitoring / alerting across your entire portfolio.
  • Compliance risk awareness based on control gaps.
  • Data-driven insights to guide which third parties to bring under management.
  • Integrate with your GRC tool or use only CyberGRX - your choice!

Gain portfolio-wide visibility and right size your TPRM program today!

Trusted by leading brands:

Frequently Asked Questions

We understand that our customers have limited budgets, so we want to ensure you are directing your resources where they are needed most. 

With a focus on both breadth and depth, CyberGRX allows you to upload your entire third-party portfolio, use data to prioritize your low, medium, and high-risk vendors, and then focus your budget and resources on managing your most critical vendors. With this method, you can feel confident that you have eyes on every vendor while concentrating your efforts on the riskiest vendors using in-depth tools to remediate or mitigate vulnerabilities. Our model helps you “right-size” your TPRM program, both in managing your risks and where to spend your resources.

Our model is designed to provide your TPRM program with the appropriate breadth of resources to gain portfolio-wide visibility while giving you the depth of data necessary to secure against your riskiest vendors. All customers begin with building a Third-Party Portfolio (TPP) offered at a flat fee based on the number of third parties in your portfolio. Then, once you understand the risk inside your portfolio, you choose which vendors to move into Third Parties Under Management (TPUM), gaining access to robust data sets to help you make informed risk decisions.

In the Third-Party Portfolio (TPP) tier, you immediately gain access to the following features:

  • Portfolio Management - A centralized dashboard to monitor assessment status and view critical Exchange information regarding the vendors in your portfolio.
  • Auto-Inherent Risk - A risk ranking and prioritization feature to help you understand which vendors in your portfolio pose low, medium, and high exposure based on your relationship with the vendor.
  • Portfolio Risk Findings - Select a framework of choice and uncover which vendors are the poorest performers or which unmet controls have the highest number of vendors. 
  • Risk Monitoring and Alerting - Receive near real-time alerts for vendors whose vulnerabilities are at risk with special reporting that allows you to begin mitigation.

In the Third Parties Under Management (TPUM) tier, you gain access to the following features:

  • Attack Scenario Analytics - Use attested or predictive data to understand any vendor’s level of risk when compared to key security categories of the MITRE ATT&CK™ framework and discover potential areas of vulnerability.
  • Framework Mapper - Measure any vendor in your portfolio against a library of frameworks, industry, or cyber threat profiles to uncover specific gapped controls and begin remediation tactics. 
  • Attested Data - Drastically reduce the number of assessments you request by accessing the world’s largest third-party cyber risk Exchange, comprised of over 14,000 attested assessments and over 85% of the most requested third parties.
  • Predictive Data - Stop assessment chasing and accelerate your decisions with Predictive Risk Profiles (US Patent Pending). Predictive data, with an accuracy rate of up to 91%, is especially beneficial for vendors who do not have an attested assessment or are low-risk and don’t require deeper evaluation.

While you can move new vendors under management as needed, swapping in and out of TPUMs is unavailable.

Great question! Simply complete the form above, and a sales representative will reach out to book a convenient time to connect.