CyberGRX Launches Portfolio Risk Findings to Help Customers Identify Their Riskiest Vendors

2 minute read

February 2023

February 22, 2023 CyberGRX, provider of the world’s first and largest global risk exchange, today announced the launch of a new capability, Portfolio Risk Findings. Customers can now gain visibility into their organization’s specific control coverages gapped by the riskiest third parties through the lens of any framework or threat profile.  

With Portfolio Risk Findings, CyberGRX leverages both attested data and predictive risk profiles (US patent pending) to provide a detailed report on customers’ riskiest vendors and their specific unmet gapped controls. CyberGRX data is measured against control coverage and a selected framework—whether industry standard or custom—or threat profile of their choosing to return a score between 1% to 100%. This score will help customers identify where third parties fall on the risk spectrum, from high risk to low risk. Not only will customers have visibility into their riskiest third parties, but they’ll be able to filter their vendors by each unmet control to gain a new perspective on where their greatest risk lies. Customers can also filter results to identify potential business exposure of a security incident based on the nature of the relationship with the third-party. 

“Our goal with Portfolio Risk Findings is to help our customers find that ‘needle in a haystack.’ Given the sheer amount of vendors, partners and suppliers organizations have, along with an evolving threat landscape, it is no longer enough to just know that a third-party is ‘risky’, but where these risks lie and how critical they are to your company,” said Fred Kneip, CEO at CyberGRX. “To drive more efficiency in risk management, security teams need to understand which vendors they need to focus on and have the tools readily available to quickly mitigate risk. No other third-party risk management company provides this level of visibility and that’s what makes our platform so revolutionary.” 

The announcement of the Portfolio Risk Findings comes on the heels of the company’s launch of a Predictive Data tool for the Attack Scenario Analytics feature. This feature allows organizations to evaluate levels of risk posed by a third party against 13 key security categories established by the MITRE ATT&CK™ framework. The addition of these capabilities to the CyberGRX Exchange platform provides a central location where stakeholders, cyber defenders, and vendors can see the gaps in controls and where third parties are not meeting quality standards in their on risk posture, allowing the vendor themselves to assess and take steps to ensure proper cyber defenses. By doing so, organizations can spend less time researching and tackling concerns that may be of low impact and systematically focus on the high and medium-level threats.

Learn more about Portfolio Risk Findings or book a personalized demo to uncover your risks.

Related Articles

About Us

ProcessUnity is a leading provider of cloud-based applications for risk and compliance management. The company’s software as a service (SaaS) platform gives organizations the control to assess, measure, and mitigate risk and to ensure the optimal performance of key business processes. ProcessUnity’s flagship solution, ProcessUnity Vendor Risk Management, protects companies and their brands by reducing risks from third-party vendors and suppliers. ProcessUnity helps customers effectively and efficiently assess and monitor both new and existing vendors – from initial due diligence and onboarding through termination. Headquartered outside of Boston, Massachusetts, ProcessUnity is used by the world’s leading financial service firms and commercial enterprises. For more information, visit