CyberGRX

A technology company faced a significant challenge after merging with another organization, which resulted in the doubling of their third-party ecosystem. Prior to the merger, the company had an efficient third-party program that included an in-house assessment working in tandem with a GRC tool. However, the merger put a strain on this system as the number of third parties in their ecosystem doubled. The company's team was unable to scale their current program to effectively manage their new vendors due to a lack of increase in human resources. The company was in need of a solution that could seamlessly integrate with and scale their process, enabling them to apply the right level of due diligence across their new and expanded ecosystem efficiently.

Blackstone, a leading investment firm, faced a significant challenge in managing its third-party cyber risk. With a rapidly growing business, a robust vendor ecosystem, and a portfolio of over 100 companies, Blackstone needed a solution that could efficiently and effectively manage its third-party cyber risk. The existing risk management program, initiated in 2012, was based on spreadsheets and phone calls, which was not scalable to keep up with the 4 to 6 new vendors coming on board every month. This challenge was not unique to Blackstone, as their entire portfolio of companies shared the same issue. The companies were using different methodologies to support their risk programs, there was a lot of overlap among common vendors being assessed by multiple companies, and findings from assessments were rarely shared.