Original Research on CyberGRX

CyberGRX Customer Testimonial

CyberGRX helps to fulfill cyber risk assessments required for two major clients. We can also offer our assessment results to other prospective clients. CyberGRX helps us highlight potential areas for our cyber risk remediation.

— Operations Director, Small Business Professional Services Company

CyberGRX Customer Research

What do you use CyberGRX for?

Assessing third party vendors as part of the procurement process (vetting and onboarding)	87%
Assessing third parties as part of a compliance program (assessment audits)	70%
Continuously monitoring third parties as part of a cybersecurity program	64%
Aligning third party control gaps to common and recent cyberattacks	32%
Establishing industry benchmarks to improve my own third-party cyber risk program	15%

CyberGRX Case Study

Great Southern Bank

Introduction

This case study of Great Southern Bank is based on an August 2022 survey of CyberGRX customers by TechValidate, a 3rd-party research service.

“CyberGRX Predictive Risk Profiles provide me dynamic and immediate data on my third parties that I previously did not have with assessments alone.”

“CyberGRX is helping me improve my third-party cyber risk management program through the ability to continuously monitor and analyze my third-party risk data beyond assessments and workflows.”

“CyberGRX has added efficiency and productivity to our Third Party Risk Management process by allowing quicker review cadence and control assurance at scale.”

Challenges

What were the key pain points experienced prior to using CyberGRX:

Completed assessments taking too long to receive
A lack of visibility against current cyber threats involving third parties
No benchmarkable data to share with C-suite and/or Board

Use Case

What do you use CyberGRX for:

Assessing third-party vendors as part of the procurement process (vetting and onboarding)
Assessing third parties as part of a compliance program (assessment audits)
Continuously monitoring third parties as part of a cybersecurity program

Said that CyberGRX Predictive Risk Profiles are used prior to committing to a new third party in the procurement process.

Results

The surveyed company achieved the following results with CyberGRX:

Realized a return on their investment with CyberGRX within the first year.
Compared to other tools, how would you rate the following features of CyberGRX:
- Auto-Inherent Risk Ratings: Significantly Better
- Predictive Risk Profiles: Significantly Better
- Framework Mapper: Best In Class
- Threat Profiles: Significantly Better
- Third-Party Threat Intelligence Scores & Data (RiskRecon and Recorded Future integrations): Significantly Better
Said that due to the Exchange model and Predictive Risk Profiles that CyberGRX provides, “I have visibility to data on more than 75% of my third parties under management.”
Reported that CyberGRX platform is very important to their overall third-party cyber risk management program.

CyberGRX Customer Testimonial

CyberGRX allows us to have insight into a very large number of vendors in our space. We simply would not have been able to staff the team to handle assessing risk for the number of vendors we have.

— Director of Risk Management, Small Business Hospitality Company

CyberGRX Customer Research

What were the key pain points experienced prior to using CyberGRX?

Lack of visibility against current cyber threats involving third parties	53%
Completed assessments took too long to receive	51%
Process was focused on assessment completion and not risk data analysis	42%
No benchmarkable data to share with C-suite and/or Board	40%
Procurement-focused third-party process without security involvement	29%

CyberGRX Case Study

SurveyMonkey

Introduction

This case study of SurveyMonkey is based on an April 2022 survey of CyberGRX customers by TechValidate, a 3rd-party research service.

“CyberGRX requests are the best thing to receive because it takes me 15 seconds to authorize and send the information.”

Challenges

Prior business challenges that led the profiled company to evaluate and ultimately select CyberGRX:

Too much time spent completing bespoke assessments.
Urgent and unplanned bespoke assessment requests for presale procurement.
A lack of control over cyber reputation and risk posture due to the use of security ratings and outside-in scanning tools.
Too much time needed to address customer follow-up questions or requests post-assessment share.

Use Case

The key features and functionalities of CyberGRX that the surveyed company uses:

Completing self-assessments requested by a customer.
Assessing their own third-party vendors as part of the procurement and/or risk management process.

Activities on the CyberGRX Exchange they anticipate they’ll leverage to improve their risk posture in the next 6-12 months:

Update their CyberGRX profile & refreshing their assessment.
Use CyberGRX to manage their organization’s own third-party ecosystem (request assessments from others).

Results

The surveyed company achieved the following results with CyberGRX:

Rated the CyberGRX Assessment as “Best in Class” in comparison to other tools.
Said that CyberGRX’s Framework Mapper is better in comparison to other tools.
Rated the following CyberGRX features as “Significantly Better” in comparison to other tools: Threat Profiles, Validation Upload, and Sharing, Third Party Intelligence Score, and Data and Predictive Risk Profile.
Said that the CyberGRX Framework Mapper feature has been important in allowing them to respond to their customers’ varied requests.
Reduced the time spent completing bespoke assessments.
Helped to reduce the lack of control over cyber reputation and risk posture due to the use of security ratings and outside-in scanning tools.
Significantly reduced unplanned bespoke assessment requests for presale procurement.
Significantly reduced challenges concerning the lack of program success metric data or benchmarkable data to share with the C-suite and/or the Board.
Significantly reduced the amount of time needed to address questions or requests post-assessment share.
Said that CyberGRX has saved time within their third-party cyber risk program.

TechValidate Research on CyberGRX

These pages present data that TechValidate has sourced via direct research with verified customers and users of CyberGRX. TechValidate stands behind the authenticity of all published data. Learn more »

About TechValidate Research

Selected Research Highlights

What do you use CyberGRX for?

Great Southern Bank

Introduction

Challenges

Use Case

Results

Company Profile

About CyberGRX

What were the key pain points experienced prior to using CyberGRX?

SurveyMonkey

Introduction

Challenges

Use Case

Results

Company Profile

About CyberGRX

More to Explore

About CyberGRX

With 360-degree correlated data and rich, diverse analytics to support real-time decision-making, you have more insight into your third-party cyber risk surface than ever before.