CyberGRX aims to map the cyber risk data of every company in the world. As the largest third-party risk Exchange with over 13,000 assessments and cyber risk data on more than 250,000 companies, we consider ourselves well-studied in what works regarding predictive and attested third-party risk data. As we analyzed the effectiveness of our tiered assessment approach, it was clear that a change is needed to provide our customers with a deeper depth of data while continuing to support our third parties in effectively communicating their risk reputation. To this end, we are beginning the deprecation of our Tier 3 assessment.
What does this mean for Customers?
Customers will no longer be able to place new requests for Tier 3 assessments. Existing requests for Tier 3 assessments will move forward and remain in the Customer's Portfolio until May 31, 2024, at which point the Tier 3 report will be replaced with a Predictive Risk Profile of your Third Party.
While getting completed assessments is a struggle for everyone in the industry, we decided to develop an additional opportunity to succeed in our mission. Using advanced machine learning on our database of attested assessments coupled with outside-in data, we created a new technology in Predictive Risk Profiles (U.S. Patent Pending) with up to 91% accuracy. The CyberGRX Exchange now contains Predictive Risk Profiles on over 250,000 companies worldwide.
As our predictive technology is used by the majority of Top 50 Fortune companies, we have hit a critical milestone in our assessments offered: the data fidelity of our Predictive Risk Profiles is on par with or surpasses that of our Tier 3 assessment.
It is of the utmost importance for CyberGRX to maintain a high-quality standard for our data because it directly impacts the success of your Third Party Risk Management program. As our industry and technology evolve, we will continuously strive to improve our unique offering to drive value.
What does this mean for Third Parties?
Third Parties will no longer be able to maintain a Tier 3 assessment. Next time you make updates to your assessment - whether you do that as part of our Annual Refresh Process or independently to reflect new security controls - CyberGRX will upgrade your organization from a Tier 3 to a Tier 2 assessment. You will have additional questions to answer, but the end result will be a much more robust assurance asset for your customers.
A Tier 2 assessment provides confidence that you are a secure, trusted vendor for Exchange members, many of which represent top Fortune 50 companies across multiple industries. Additionally, a large majority of the assessments on the Exchange already are Tier 2 assessments. Tier 3 assessments comprise a small minority. Overwhelmingly, companies are more trusting of and expect their business partners to have a Tier 2 assessment. Click Here for more information on the differences between assessment tiers.
If you decide not to level up to a Tier 2 assessment, your existing Tier 3 assessment will remain in the CyberGRX Exchange until May 31, 2024, at which time it will be replaced with your Predictive Risk Profile.
If you have more questions, please reach out to your Customer Success Manager or your Assessment Coordinator.