CyberGRX looking for UK channel partners

Global cyber risk exchange CyberGRX brings partner programme to the UK

Posted 8 March 2021 by Christine Horton

Global cyber risk exchange CyberGRX is bringing its partner programme to the UK.

CyberGRX’s Global Partner Programme comprises four-tiers and incentivises partners based on their level of commitment to the firm. Resellers, systems integrators, consultancies, MSSPs and distributors can all receive a guaranteed margin structure to help drive a predictable revenue stream. Under the programme, partners have access to joint marketing campaigns, market development funds, internal comp neutrality, deal registration, co-selling and sales incentives.

Partners will initially be able to take advantage of training from CyberGRX so that they understand the third-party cyber risk management (TPCRM) components that create an effective risk management strategy to protect businesses. The programme will then guide partners through the sales process and provide guaranteed margin on every sale allowing for a more predictable revenue stream.

With more than 60 percent of all breaches linked to a third party, CyberGRX says organisations are looking for solutions to better manage third-party cyber risk. However, it claims current third-party cyber risk management (TPCRM) practices are difficult to manage at scale, draining human and financial resources, and providing limited value in return.

Its own offering, CyberGRX Exchange, provides organisations with a validated and standardised data set “so they can make rapid, informed decisions and reduce risk in their shared ecosystems.”

“Third-Party Cyber Risk Management is something every company is talking about today,” said Walter Specht, director of worldwide channel development & alliances at CyberGRX. “We bring relevance to every potential discussion our partners are having with every one of their customers and prospects.

“As we bring partners on, we continually evaluate their coverage ability, the number of partners in a region and the addressable market now and over time. We want to make sure we balance that effective coverage without diluting revenue for those partners who invest precious time and resources in CyberGRX. Business models are different from region to region, those unique business models will also help drive the fluidity of our recruiting targets.”

Regulatory requirements

CyberGRX recently announced a strategic partnership with RiskRecon, a Mastercard company, to provide organisations with a complete, contextual view of their third-party cyber risk posture. As a result, CyberGRX customers and partners can now view RiskRecon ratings for every vendor in the CyberGRX Exchange based on continuously updated data.

The customisable interactive widget enables users to drill down for detailed information on the ratings, which are uniquely risk prioritised based on a combination of issue severity and asset value. In addition, joint customers can easily login to the RiskRecon console through the widget.

“There are many sectors in the UK that have strong regulatory requirements around managing third-party supplier and vendor risk,” said Max Dalziel, EMEA director of strategic accounts at CyberGRX. “For large corporate enterprises that can span hundreds of thousands of businesses which can all pose a risk in terms of bribery and corruption, business continuity, corporate responsibility and, in a lot of cases, cyber security and data privacy.

“Given the regulatory requirements, organisations conduct initial and ongoing third-party risk management traditionally on a one-to-one basis which is incredibly inefficient, expensive and difficult to scale. At CyberGRX, we realised that everybody’s asking the same questions in a slightly different fashion, and it takes a huge amount of time to chase people for answers. In response, we have created a robust risk exchange, populated with a standardised set of data, that allows customers to quickly identify and reduce risk while enabling suppliers to respond to one comprehensive cyber risk and privacy assessment that can be shared with many, reducing the time they spend on assessments and allowing them to spend more time on risk mitigation.”