What they do: Provide a third-party cyber risk management exchange.
Problem they solve: Security pros know that contractors represent a major security risk. (Just ask the NSA about the contractor Ed Snowden.) In fact, according to PwC’s 2016 Global State of Information Security report, third-party contractors are the second biggest source of security incidents, behind only internal employees.
Despite third parties being a top attack vector, most enterprises still have no good way to assess the risk contractors pose. In the meantime, corporate resources are open to them because contractors need those assets to do their jobs.
“On average, enterprises assess their vendor and partner cyber risk annually, at best,” a CyberGRX spokesperson wrote to Startup50. “For lower tier partners, enterprises may only assess them once every few years.”Backed by $29M VC, #Big50-2017 #startup CyberGRX helps organizations vet third party contractors and partners through a third-party risk management exchange platform. Click To Tweet
Yet, to accurately assess risks, enterprises require constant visibility into which third parties need attention due to change, such as employee turnover, shifts in management, acquisitions, breaches, divesture, or other events that alter the risk associated with doing business with them.
How they solve it: CyberGRX helps organizations vet third parties through a third-party risk management (TPCRM) exchange. The CyberGRX Exchange enables organizations to gain operational control over their third-party ecosystem, monitoring and mitigating risks associated with contractors and partners.
The way it works is that third parties go to the CyberGRX Exchange to get rated. For third parties, the CyberGRX Exchange is designed to make it easy to complete one updated cyber risk assessment and share it with their many upstream partners. The CyberGRX Exchange delivers standardized assessments, actionable analytics, remediation management, and real-time threat intelligence updates to enterprises and their third parties, enabling them to mitigate risk, reduce costs, and manage process complexity.
Headquarters: Denver, CO
CEO: Fred Kneip, who previously served as Security Department Head for Bridgewater Associates.
Year Founded: 2015
Funding: $29 million in total funding. The most recent round, a $20M Series B, closed in April 2017. Bessemer Venture Partners (BVP) led the round and was joined by other existing investors, including Aetna Ventures, Allegis Capital, ClearSky, GV (formerly Google Ventures), MassMutual Ventures, Rally Ventures, TenEleven Ventures, and several other strategic investors.
Competitors include: BitSight, RiskIQ, SecurityScorecard, ThreatQutient, and ThreatConnect.
Customers include: ADP, aetna, Blackstone, and MassMutual Financial Group.
Why they’re in the Big 50-2017: CyberGRX did well in Big50-2017 online voting; they closed a big Series B round in April; they have an impressive list of customers; and the startup recently entered into a couple of high-upside partnerships.
In September, CyberGRX entered into a technology partnership with a potential competitor, BitSight, to embed BitSight’s security rating capabilities within the CyberGRX Exchange. “Integrating BitSight’s objective, quantitative measurements of companies’ security performance into the CyberGRX Exchange provides a unique 360-degree view of third-party cyber risk,” the companies argue.
And in November, the startup formed a strategic alliance with Deloitte “designed to help organizations across the globe more efficiently and effectively manage extended enterprise cyber risks through a shared common utility model.”