CyberGRX streamlines cyber-risk security.
Melbourne 3 June 2019: Many of the world’s businesses rely on a tangle of third-party vendors to service their needs. For large enterprises, the vendor counts can be staggering, in some cases in excess of tens of thousands, making it extremely difficult to keep a handle on business operations, let alone security.
Globally, regulators have responded to this risk with legislation or pending legislation that requires companies to assess their third-party’s cyber-security risk. This has created a cottage industry of firms focused specifically on the third-party vendor risk challenge. Currently, the process is to ask a vendor to respond to a spreadsheet questionnaire in order to do business with the enterprise. These questionnaires are cumbersome, manual, quickly outdated, inefficient and in practice are only applied to the top 10% of an enterprises’ supplier base.
Many organisations don’t have the time, resources, or money to complete comprehensive audits, hence they are often left susceptible to security breaches. Customers are desperately in need of tools that automate the process of performing risk assessments on third party vendors.
Welcome to CyberGRX.
Marcus Bartram, lead investor and Partner at Telstra Ventures said: “To help customers address this issue, we’ve invested in CyberGRX whose mission is to become the leading global third-party cyber-risk management Exchange. CyberGRX provides a comprehensive third-party cyber risk management platform to cost-effectively identify, assess, mitigate and monitor an enterprise’s risk exposure across its entire partner ecosystem. Through automation and advanced analytics, the CyberGRX Exchange enables enterprises to collaboratively mitigate threats presented from their increasing interdependency on vendors, partners and customers.”
CbyerGRX data shows 63% of data breaches in the $US100 billion security industry are linked to a third party. CyberGRX now boast almost 30,000 companies world wide on its Risk Exchange.
Mr Bartram said: “When we invest in companies and founders, we think about a number of things including market opportunity, product and team. The market CyberGRX is leaning into is huge as they help to automate the entire business of third-party cyber risk management. The company has a number of strong tailwinds including: the number of third-party suppliers providing services to an enterprise has exploded; the processes to evaluate this third-party cyber-risk is manual and unscalable; legislation is requiring enterprises to understand their third-party cyber-risk; and the resources in cyber-risk assessment teams are only just scratching the surface of the supplier base. This is true in any enterprise that cares about third-party cyber-risk. CyberGRX is automating the cyber-risk assessment process, enabling enterprises to begin to understand their third-party supplier risk at scale and also allowing suppliers to scale how they respond to third-party risk assessments. Leading this charge is CEO Fred Kneip, who is a great leader and has assembled a very strong team. He is also a former practitioner and understands the customer problem deeply. So, from an investment perspective CyberGRX ticks all the boxes for us.”
In a Blog Marcus Bartram addressed the following questions:
What first attracted you to the company?
When CyberGRX pitched the company to us it was very easy to understand the problem they were laser focused on, how they were addressing it and how it would work at scale. We had an affinity to the problem having heard first-hand from a number of Chief Information Security Officers that they were trying to solve problems in third-party cyber risk management but hadn’t found any convincing tools.
What is different about CyberGRX compared to others?
Other companies in the space are either focussed on a) helping an enterprise understand their supplier risk by using tools to look at bread crumbs of clues on the internet that may lead to a conclusion that their suppliers security controls are not up to scratch or b) they are very focused on helping a company answer or ask a third-party risk assessment questionnaire but not both at the same time.
What do you see as the biggest way Telstra Ventures can help CyberGRX?
Given that the CyberGRX fundamentally operates a marketplace, the best way to help the company is to have large enterprises become clients of CyberGRX. This in turn drives suppliers to use CyberGRX to engage with those enterprises and if the experience that the company has had in the US is any indication, then this will start to move these suppliers to become customers of CyberGRX and engage their own suppliers. We are working on a solid pipeline of opportunities, including Telstra (who could be a cornerstone customer in the Australian market), and others.
About Telstra Ventures:
Telstra Ventures is a strategic venture capital firm that is focused on providing synergy revenues to its portfolio companies and financial returns to its investors. Telstra Ventures invests in market leading, high growth technology companies with exceptional products and leaders. Telstra Ventures is backed by two strategic investors: Telstra, one of the 20 largest telecommunications providers globally, and HarbourVest, one of the world’s largest private equity funds. With offices in San
Francisco, Sydney, Melbourne and Shanghai, Telstra Ventures has invested in over 60 companies since its inception in 2011. Visit telstraventures.com to learn more