We want all members of our exchange to leverage their completed CyberGRX assessment as their standard in response to questionnaire requests to reduce the load of one-off requests and spend your time more strategically.
You will not likely be able to achieve a 100% acceptance rate of your CyberGRX standard assessment by your customers given current industry conditions, but on average our members see about 63% acceptance. Think of the time saved!
We’ve compiled our top 5 tactics to increase your assessment acceptance rate.
When we introduced Framework Mapper for third parties earlier this year, we knew it would be a game changer. According to a Ponemon report, third parties spend over 15,000 hours completing cyber risk assessments each year. With the addition of the Framework Mapper feature, third parties can replace redundant assessments with the CyberGRX assessment by simply mapping the assessment back to relevant industry frameworks such as GDPR, CCPA, NIST 800/CSF, HIPAA, etc.— at their customers’ request. This means customers are more likely to accept an assessment that conveniently fits the frameworks that they are accustomed to.
Accompany your assessment with further evidence (e.g. certifications, SOC2 in PNG, PDF, and JPEG file types) to boost the credibility of your standard package and avoid unnecessary follow up questions.
We’ve released a new Evidence Upload feature that allows you to share the evidence you’ve submitted with your assessment with any customer of your choosing with just a few clicks of the mouse. Don’t worry, you still have complete control over who views your shared evidence, and only those that you authorize will be able to access it.
Custom Landing Page
For those experiencing a high volume of requests, customers are more likely to request and accept your assessment if they have a dedicated place to start the process, which is why we’ve introduced custom landing pages for those third parties who have embraced proactively sharing their CyberGRX assessment. We'll work with you to create a landing page to make it even easier for organizations to request access to your assessment on our exchange. See the AWS compliance page for inspiration.
CyberGRX Member’s Badge
Did you know that as a CyberGRX Exchange member, you are entitled (and encouraged!) to display an exclusive badge letting your customers know you’re an exchange participant? They’re a great way to show that not only do you have a CyberGRX assessment to share, but also that you're committed to taking a proactive approach to your cybersecurity practices. In other words, it’s a quick, easy, and free way to help build confidence in your dedication to cyber hygiene. Simply email results@CyberGRX.com to receive yours today!
Communicate the WHY
Create a canned response to accompany your standard package (CyberGRX assessment and supporting documents) explaining why you’ve developed a standard and how it will satisfy the shared goal of a secure, shared ecosystem between you. Highlight, namely, that it is FREE to them to view, that they can map this assessment to 20+ industry frameworks, and, if applicable, that you’ll also share supporting evidence. Lastly, communicate that by embracing a standard like the giants have already (AWS, Google), your organization has more time to dedicate to more strategic security work, which benefits everyone.
Have you learned any tips and tricks that you’d like to share with us?