SecurityScorecard has announced the availability of new professional advisory services to help customers consume its vendor cyber risk rating product. In doing so, it is tacitly admitting that risk ratings are not the easy solution they’ve been hyped to be.
On March 21, 2019, SecurityScorecard announced three new services that provide customers with access to advisors to help them conduct vendor security assessments.
“As the first to market with a professional services offering, SecurityScorecard was founded on a customer-centric approach to providing the most seamless and easy to implement security ratings platform in the world,” said Aleksandr Yampolskiy, CEO of SecurityScorecard. “With the addition of professional services to our award-winning security ratings platform, SecurityScorecard is doubling down on our customer-centric commitment and plans to continue adding to these professional services to give our global customers cutting-edge insights and advice from trained security professionals.”
Vendor cyber risk ratings continue to grow in popularity, but they are not the simple solution to the third-party risk management problem that vendors would have us believe. SecurityScorecard’s announcement is a tacit admission of that fact, and it is very likely that BitSight and other major players in this space will soon follow suit.
Customers may find some value in these advisory services, but they should be cautious about building a program around a specific product. Info-Tech’s advice is to build the program and then find products that make the program more efficient and effective.
Dark web monitoring for supply chain risk is becoming a mandatory feature for cyber risk ratings providers. Panorays’ latest press release shows that it is catching up to the big players.
Normshield recently announced that it has licensed the FAIR model to allow customers to quantify supply chain security risk in terms of financial impacts. It is innovative, but is it useful?
BitSight Enterprise Analytics looks to increase the value proposition of using cyber risk ratings for internal risk management, but is it barking up the wrong tree? If you assume that cyber risk ratings are mostly useful for third-party risk management, you aren’t alone. BitSight is aiming to change that with its new Enterprise Analytics solution, but it may be chasing after the wrong audience.
Panorays has announced a partnership with Shared Assessments to provide Panorays customers with access to the Standard Information Standard (SIG) questionnaire. This is an innovative offering but may prove to be a mixed blessing.
RiskRecon and RSA have announced a partnership to bring RiskRecon’s third-party risk rating services to RSA’s Archer Governance, Risk and Compliance (GRC) system. This should be a welcome move for Archer customers.
BitSight, one of the leaders in cyber risk rating, has announced a new product to allow organizations to benchmark against their peers. Dubbed “Peer Analytics,” this service will interest companies where benchmarking is a compliance obligation.
SecurityScorecard, a leader in vendor cyber risk rating, has announced an initiative to help non-profit organizations with third-party risk management. Named Project Escher, this initiative demonstrates SecurityScorecard’s commitment to the non-profit sector.