Additional Info

Company size (employees)100 to 499
Headquarters RegionNorth America
Type of solutionCloud/SaaS


As ransomware, third-party breaches and supply chain attacks continue to proliferate, CyberGRX provides advanced capabilities to go beyond assessment gathering to identifying vulnerabilities and offering action plans to help companies address the most pressing risk gaps in their vendors/suppliers’ security postures.

Notable features available in the CyberGRX Exchange are:
-Predictive Risk Profiles: By leveraging standardized data within the Exchange platform and applying advanced machine learning and data analytics, CyberGRX can forecast how individual third parties within a company’s vendor ecosystem will answer each assessment question with an accuracy rate of up to 91%
-Threat Profiles: This feature allows customers to easily identify their third parties’ control gaps typically exploited in common/recent attacks. This information provides a breakdown of which third parties are most likely to experience an attack. CyberGRX offers Threat Profiles aligned with specific campaigns such as REvil ransomware, SolarGate, CodeCov, Microsoft Exchange Servers and more.
-Framework Mapper: This feature maps CyberGRX’s assessment results back to custom or industry frameworks, enabling customers to measure data protection policies and standards of third parties without the need for customized or multiple assessments.
-Attack Scenario Analytics: CyberGRX is the only third-party cyber risk management company to have mapped their entire risk analytics platform to 150+ MITRE kill chains. This allows customers to view third party risks in the context of the MITRE ATT&CK framework with both predictive and attested assessment capabilities. Customers are able to significantly improve the defensibility of their overall ecosystem.
-Risk Monitoring and Alerting: Through a partnership with Recorded Future, CyberGRX is able to leverage Recorded Future’s advanced threat intelligence to provide Exchange members with visibility and alerts to third-party breaches and risk incidents within their portfolio in near real-time.

How we are different

-CyberGRX is the only risk management platform in the world that includes comprehensive data on over 225,000 third parties. Security practitioners no longer have to chase vendors or wait for assessment data. Leveraging CyberGRX's sophisticated data analytics, predictive risk intelligence, real-world attack scenarios, and real-time threat intelligence, CISOs can make data-informed decisions faster, and prioritize risks more effectively.
-CyberGRX gives customers the ability to eliminate the sole reliance on ‘point-in-time’ third-party risk assessments or single vendor assessments. CyberGRX’s platform is dynamic and scalable to a real-time and prioritized view of critical risks as business and threat landscapes evolve.
-CyberGRX takes pride in operating a dual-sided platform that provides value for both customers and third parties. Customers have threat and risk data at their fingertips without having to sift through multiple documents, saving countless hours and redirecting the human resources to higher priority areas. For third parties, they no longer need to complete multiple customized assessments as they can share their CyberGRX assessment with any customer, even if they are not on the CyberGRX Exchange. By proactively sharing their assessment, third parties achieve a 70% acceptance rate, eliminating the need to complete additional questionnaires.