Information Technology


and the Information Technology Industry

Information technology companies face a unique third-party management challenge. They are key service providers to their customers, as more companies move workloads to the cloud and use software-as-a-service. At the same time, IT companies are themselves ever more reliant on external providers, from business process outsourcers to cloud providers and IT vendors.

The number of vendors, partners and customers in an IT company’s digital ecosystem can easily run into the tens of thousands. But according to Deloitte’s 2016 Global Outsourcing Survey, only 28% of companies are actively evaluating their service providers as part of their effort to mitigate cyber security risk.

The primary reason for this lack of industry diligence is today’s prevailing approach, which is largely based on sharing spreadsheets and creates waste. It’s not uncommon for large information technology companies to employ dozens of dedicated staff whose sole responsibility is responding to thousands of security assessments per year.

Information technology providers require a more scalable, effective and efficient method to reduce cyber impact from their third-party ecosystem.



Follow security best practices by asking: “What threats am I exposed to? How do I need to mitigate them? And what’s the next thing I need to be worried about?” That context is key to adopting a risk-based approach to addressing third-party cyber risk exposure.


IT organizations spend far too much time, energy and money completing questionnaires and hosting on-site security assessments. CyberGRX allows you to be assessed once and share with upstream partners, bringing scalability, standardization and cost efficiency to an otherwise inefficient process.


Third-party relationships represent some of the hardest-to-manage cyber risks for IT organizations and their customers. Recent Ponemon Institute research found that nearly half (49 percent) of all organizations reported that they had experienced a data breach caused by a vendor, and nearly three out of four (73 percent) enterprises expect third-party related incidents to increase. CyberGRX allows information technology organizations and their business associates to execute on the following key components of a sound TPCRM strategy:

Identify – On average, enterprises assess their vendor and partner cyber risk annually, but third-party cyber risk exposure constantly changes. CyberGRX enables you to identify the changes to your third-party cyber risk exposure with greater velocity.

Assess – Enterprises spend the vast majority of their time collecting data, rather than performing the risk management and mitigation processes that reduce the residual security risk third parties represent. CyberGRX standardizes the methodology enterprises use to manage third-party cyber risk to make it scalable and more cost-effective.

Mitigate – CyberGRX allows third parties to understand where there are gaps and how to remediate them. Uncover weak third-party controls and work with your vendor, partner or customer to remediate these issues before vulnerabilities are exploited.

Monitor – Annual security reviews will not suffice in the current threat landscape. Today’s threat environment is constantly changing, creating new risks to the enterprise. The CyberGRX platform delivers a dashboard that provides up-to-date information on exposure to risk.