Third Party Cyber Risk Assessment: Velocity Increased 400%

We are all familiar with the time and cost pressures on legal teams today. Risk assessment and compliance can be time-consuming activities that bear high consequences if not done correctly.

A large insurance client was able to significantly increase the speed and efficiency of their cyber risk assessments of a global portfolio of hundreds of outside law firms by utilizing CyberClarity360™, a Duff & Phelps product. In addition, this client was able to deliver a report to each partner law firm containing their performance relative to the NIST Cybersecurity Framework, peer benchmarking and performance data, and targeted remediation advice for any identified gaps.

As a result, the entire legal portfolio can be evaluated at a fraction of the time, cost, and effort it previously took to undertake the same work on only a subset of the portfolio. CyberClarity360™ enables clients to:

  • make informed risk-based decisions about their data and legal vendors,
  • implement compensating controls consistent with internal risk management methodologies,
  • deploy and track remediation planning with legal vendors, and
  • ensure business owners fully understand the risks of their outside engagements.

The Situation

When a large insurance company was faced with significant friction around its existing third-party risk assessment methodology, along with regulatory drivers for evaluating such risks, it engaged Duff & Phelps to deliver enhanced evaluation of its hundreds of outside law firms. Previous assessment processes took 3-6 months to evaluate a single firm and required significant human capital from other business units within the enterprise (IT, Risk, Cyber, etc.) to complete that single assessment.

The Solution

CyberClarity360™ provides a seamless solution to gain visibility into an organization’s third-party cyber risk. Built on the NIST Cybersecurity Framework, CyberClarity360™ uses a maturity-based assessment methodology, evidence collection capabilities, and algorithmic validation mechanisms to ensure that results are consistent, prompt, and actionable. In combination with managed service offerings, this solution can empower existing client teams to move faster or deliver the entire lifecycle from end to end.

The Result

Leveraging CyberClarity360™ and managed service support from Duff & Phelps, our client increased their assessment throughput by 400% while simultaneously achieving regulatory compliance, gaining additional insight into the risk posture of their outside law firms, and consistently aligning their own risk methodology with the overall corporate risk framework. They achieved all of this whilst significantly reducing the human effort required.

The Duff & Phelps Difference

Built from the ground up to deliver an industry-leading combination of velocity, breadth, and depth, CyberClarity360™ enables clients to fully understand their third-party cyber supply chain risk. Backed by hundreds of cyber professionals and thousands of incident responses each year, CyberClarity360™ incorporates global regulatory standards, as well as industry best practices, into a software-enabled assessment platform. This software, in combination with managed services, supercharges the entirety of the Third-Party Risk Management lifecycle, including Collection, Validation, Virtual or On-Site Audits, Risk Identification, Remediation Planning, and Ongoing Monitoring.

Learn more about CyberClarity360™, and the Duff & Phelps Difference, at cyberclarity360.com