CyberGRX: A Force Multiplier for Third-Party Cyber Risk Management
In 2012 Blackstone initiated a third-party risk management program that consisted of shared spreadsheets and phone calls. As their business grew rapidly, adding 4 to 6 vendors every month, they realized that a program based on spreadsheets and phone calls couldn’t keep up. As Blackstone engaged with its portfolio companies, it became quickly apparent this problem wasn’t unique to them. Blackstone sought a third-party risk management partner that could help them scale their third-party program while enabling them to increase efficiencies. CyberGRX became that partner, and has since served as a force multiplier for their third-party risk management program.
Within the first year, Blackstone has already seen ROI from using the CyberGRX Exchange. Not only have they been able to reallocate resources to more strategic tasks, but they anticipate they will be able to assess five times the vendors than previously possible.
"CyberGRX is a force multiplier for our third-party cyber risk management program. In just the first year, I anticipate we will be able to assess 5x more vendors than we assessed last year and reallocate the resources saved to true risk management and mitigation efforts."
– Adam Fletcher, Blackstone CISO