As outsourcing significant business functions is now common practice for most organizations, major third-party data breaches are rapidly taking over news headlines.
Ponemon Institute and IBM’s Cost of a Data Breach Report found the average cost of a breach has increased from $370,000 to $4.35 million, with third-party involvement listed as one of the main reasons. An eSentire survey from the same year highlights that 44% of firms surveyed have experienced a significant data breach caused by a third-party vendor.
With Gartner reporting 60% of organizations as having 1000+ third-party relationships, effectively managing the cybersecurity risks they create and practicing vendor due diligence proves increasingly difficult.
Information security teams often also rely on manual risk reporting methods which are time and labor-intensive. Many organizations are now turning to automated third-party risk management (TPRM) solutions that automate data breach detection capabilities, provide real-time insights, and streamline remediation workflows.
We assess three TPRM solutions, CyberGRX, Recorded Future, and UpGuard, to help you make an informed decision before investing in the right solution for your needs.
CyberGRX Overview
CyberGRX was founded in 2015 and is based in Denver, Colorado in the United States. CyberGRX provides enterprises and their third parties improve their approach to third-party cyber risk management.
It does this by collecting questionnaire data and cyber risk assessments in a structured format and then sharing them on their information exchange platform to reduce the operational overhead of due diligence programs.
Recorded Future Overview
Recorded Future is a US-based threat intelligence platform that collects digital threat intelligence data from the Internet including open source, dark web, technical sources, and original research.
Recorded Future’s platform uses machine learning and natural language process AI to deliver accessible intelligence insights across six risk categories: brand, threat, third-party, SecOps, vulnerability, and geopolitical.