Search
Partners
Cyber Risk Nation
Exchange Login

How It Works
Identify & Assess

Global Risk Exchange

The world’s first, largest, and only collaborative third-party Exchange.

Predictive Risk Profiles

Predictive risk data on 250,000+ companies with up to 91% accuracy.

Auto Inherent Risk Insights

Identify the vendors most likely to incur a cyber incident.

Integrate ServiceNow VRM

Optimize productivity and modernize TPRM.
Analyze & Report

Framework Mapper

Map assessment data to any industry framework.

Cyber Threat Profiles

View commonly exploited controls.

Attack Scenario Analytics

See how well a third-party is prepared to handle common attacks.

Portfolio Risk Findings

View your entire third-party portfolio to see unmet controls.
Monitor & Secure

Threat Tools

Understand vulnerabilities and minimize the impact of an attack
Dummies Guide

Flip the script on third-party risk management.
Free Guide
How We Help
Our Secret Sauce

See how we help you optimize your TPRM resources.
View Now
Who We Help
Success Stories

See how CyberGRX has impacted organizations just like yours.
Read Now
Why CyberGRX
Learn Something New
Get a Quote
Book a Demo

Third-Party Cyber Risk Management Maturity Quiz

Do you have an established third-party cyber risk management strategy?
- Yes
- No
Do you have staff dedicated to third-party cyber risk management?
- Yes
- No
- Ad-hoc / Part-Time
What technology is leveraged to manage your third-party process today?
- None - Spreadsheet based
- Standard - Vendor risk management tools help track assessment activities
- Advanced - Third-Party Cyber Risk Management platform that provides analytics based on assessment data
What types of third parties are you tracking?
- Vendors
- Partners
- Affiliates
- Subsidiaries
- All of the above
What criteria is used to risk rank third parties today?
- None – We do not risk rank
- Geography
- Total spend
- Criticality of services provided
- Potential impact of data exposure
- Risk Based on threat intelligence
How do you currently assess your third parties?
- Independently validated assessment (on-site, remote)
- External Assessment (i.e., surface scanning)
- Spreadsheet based self-assessment
- We do not currently assess third parties
How frequently are you assessing your most critical third parties?
- Annually and event-driven (When specified event criteria occur)
- Annually
- Every 2 years
- No routine assessment schedule
What percentage of your third parties are subject to an independent assessment (e.g., conducted or validated by an entity that is separate from the assessee)?
- More than 11%
- Between 6% - 10%
- Less than 5%
- None
Which residual risks have a documented mitigation plan?
- All risk levels
- Risks Rated Medium and High
- Risks Rated High Only
- None
Under which circumstances are you notified of changes to a third party’s risk posture?
- No notifications
- When a breach occurs
- If their business expands or contracts (divestiture or acquisition)
- If vulnerabilities potentially affecting your data have been identified
How do you respond when your company is being assessed by up-stream partners (i.e., you are the third party)?
- Complete each questionnaire manually
- Email a standardized report like a SOC II
- Provide access to an updated cyber risk assessment of your organization at agreed upon intervals
Thank you for submitting your questionnaire! Please fill the form below to see your scores:

First name*

Your name*

Your email*

Company*

YOUR SCORE IS IN THE BOTTOM THIRD OF THE PARTICIPANTS AND INDICATES YOUR PROGRAM IS: BASIC

Your third-party cyber risk management program is just getting off the ground. It is most likely spreadsheet based, ad-hoc and has much room for improvement. You have a high risk of exposure from your third parties.

Work on your program maturity with a copy of our eBook, "Mitigate Third-Party Cyber Risk Exposure"

YOUR SCORE IS IN THE MIDDLE THIRD OF THE PARTICIPANTS AND INDICATES YOUR PROGRAM IS: EMERGING

Your third-party cyber risk management program is improving. You are driving automation in some areas, but most tasks are still manual. You likely have little visibility into the risk from your entire third-party ecosystem, are still using "shared spreadsheets" and are not correlating threat intelligence to weak controls. You have medium risk of exposure from your third parties.

Work on your program maturity with a copy of our eBook, "Mitigate Third-Party Cyber Risk Exposure"

YOUR SCORE IS IN THE TOP THIRD OF THE PARTICIPANTS AND INDICATES YOUR PROGRAM IS: OPTIMIZED

Congratulations! Your third party cyber risk management program is in the top third of programs. You are leveraging technology to automate many of the functions and have visibility into the risk from your entire third party ecosystem. You are not using "shared spreadsheets" and are correlating threat intelligence to weak controls. You have a low risk of exposure from your third parties.

Work on your program maturity with a copy of our eBook, "Mitigate Third-Party Cyber Risk Exposure"

Oops! An error occurred, please try again later.

Leadership
Partner with Us
Events
Knowledge Base
Careers
Contact Us

877.929.2374

1601 19th Street, Suite 600
Denver, CO 80202

© 2023 CyberGRX - The Third-Party Cyber Risk Exchange | Privacy Policy | Cookie Preferences

We use cookies to understand how you use our site and to improve your experience. This includes personalizing content and advertising. By continuing to use our site or clicking Accept, you accept our use of cookies and a revised privacy policy.

To use web better, please enable Javascript.