July 12, 2023 – CyberGRX and ProcessUnity announced today that the Third-Party Risk Management (TPRM) leaders have joined forces, creating the industry’s most powerful software and data platform to accelerate customers’ ability to identify, assess, analyze and ultimately reduce risk within their ecosystem. The combined company, which will continue to offer both products to new and existing customers, will merge the best-in-class TPRM workflow platform with the world’s largest global cyber risk exchange to centralize and standardize vendor risk management and directly respond to the most significant risks facing global enterprises today – third-party and cybersecurity.
“The combination between ProcessUnity and CyberGRX is an opportunity to revolutionize Third-Party Risk Management. We are in a unique position to transform how organizations assess their service providers while becoming the world’s largest database for vendor assessments and cyber risk data,” said Sean Cronin, CEO, ProcessUnity. “In the short term, our customers gain program workflow, validated vendor assessment data and artificial intelligence in a single solution – safeguarding their critical assets while significantly reducing program costs. Over time, our unparalleled expertise and forward-thinking innovators will introduce next-generation technology that will seismically shift how we manage cybersecurity and third-party risk. We’re thrilled to combine two customer-first teams and two market recognized platforms to amplify our value to the ecosystem.”
The Future of Risk Management
The combination offers global enterprises a vision for Third-Party Risk Management, where three key stakeholders – procurement teams, cybersecurity teams and external third-party service providers – work in concert to reduce both internal cyber risk and external third-party risk. The aim is to eliminate friction and obstacles for business adoption of products and services while ensuring organizations maximize protection. The joint ProcessUnity-CyberGRX platform will be the only integrated, end-to-end solution for third-party and cyber-risk assessments in the market.
ProcessUnity and CyberGRX deliver highly complementary capabilities that, when combined, offer immediate and measurable value to both customers and vendors. Customers will benefit from ProcessUnity’s assessment engine and vendor monitoring tools as well as CyberGRX’s standardized exchange containing more than 14,000 attested and validated assessments and cyber risk data on more than 250,000 companies to:
- Onboard vendors faster via more efficient pre-contract due diligence
- Complete periodic post-contract due diligence on-demand
- Assess traditionally hard-to-assess vendors that typically don’t respond to assessment requests
- Reduce cycle times, lower staffing requirements and significantly decrease program costs
- Minimize risk from external sources
More Efficient Use of Cybersecurity Resources
Vendors, overburdened and fatigued due to resource restraints and the exponential growth in assessment requests each year, gain the means to:
- Complete fewer assessments while satisfying more customer assessment requests
- Keep complete control over what assessment information is shared with each customer
- Lower customer due diligence and compliance costs
- Win new business faster and retain more clients
The companies’ artificial intelligence, machine learning and natural language processing abilities work alongside third-party risk teams to provide unparalleled vendor insights as well as significant time and cost savings. Use cases include:
- Predictive Risk Profiling: Anticipate how a given third party will answer assessment questions with up to a 91% accuracy rate.
- Automated Inherent Risk Scoring: Prioritize assessment strategies based on the likelihood a vendor will have a cyber incident and its potential impact.
- Policy Evaluation: Scan and score vendors’ policies, procedures and supporting documentation against common frameworks, regulations and standards to reduce inconsistent, time-consuming, manual document reviews.
“Since inception, CyberGRX has advocated for and improved upon methodologies to reduce risk and enable security and risk professionals to collaborate on the cybersecurity and risk management challenges experienced at the highest levels of the enterprise,” said Fred Kneip, CEO, CyberGRX. “Joining forces with ProcessUnity will push this endeavor farther and faster, allowing these professionals to more effectively demonstrate the value of their own risk management program, while also offering a new level of collaboration between companies and their trusted vendors to reduce risk on a global scale.”
Under the terms of the transaction, ProcessUnity and its investors acquired CyberGRX, whose existing shareholders participated in the deal and will retain a minority stake. Latham & Watkins served as legal advisor to ProcessUnity. Piper Sandler acted as financial advisor, and Cooley LLP served as legal advisor to CyberGRX.