top of page


  • Tech Journalist

CyberGRX and ServiceNow modernise risk assessment

Organisations that engage with multiple vendors, partners, and suppliers are have a lot of benefits. However, this also expands the threat landscape because each vendor, partner, or supplier may have different security practices, which makes them vulnerable to different types of cyberattacks. As a result, an organisation's risk exposure can increase significantly when working with multiple third-party entities.

For instance, if one of an organisation's vendors falls victim to a cyberattack, the attacker could gain access to sensitive information and systems of the organisation. Moreover, if one vendor has access to another vendor's systems, the compromise of the first vendor's systems could potentially lead to the compromise of the second vendor's systems and subsequently, the organisation's systems.

Having a comprehensive vendor risk management program in place is crucial for organisations to assess and mitigate risks associated with engaging with multiple vendors, partners, and suppliers. One such solution is ServiceNow Vendor Risk Management, which continuously monitors critical vendors, enabling businesses to evaluate, mitigate, and remediate risks.

However, ServiceNow VRM customers also require a way to streamline their third-party cyber risk program. This is where the integration with CyberGRX, a provider of third-party cyber risk data exchange, comes in. CyberGRX provides third-party threat intelligence, predictive risk insights, outside-in scanning and scoring, and a portfolio-wide view of security gaps.

With the integration, ServiceNow VRM customers now have access to CyberGRX's extensive third-party risk data, enabling them to prioritise risk actions and maintain constant visibility on emerging third-party threats.

The CyberGRX ServiceNow integration leverages the CyberGRX API to enable customers to create or link vendors to over 200,000 companies in the CyberGRX Exchange. Customers can complete eight impact questions to identify the inherent risk(s) posed by each vendor, including the probability of targeted attacks and potential harm to the business.

Customers can also request assessments on vendors, view assessment statuses, and review attested results, including assessment scores, findings, and the report PDF.

"More than 80% of the top 500 companies requested by customers are already on the Exchange. Coupling this data with advanced machine learning capabilities, we empower organisations to view, analyze, and share cyber risk data like never before," said Fred Kneip, CEO at CyberGRX. By partnering with other leaders in the risk management space, such as ServiceNow, we can develop revolutionary risk-reducing capabilities and programs together.

In the realm of cybersecurity, organisations need to have access to data they can trust. This integration allows organisations to make decisions, manage risks, and meet compliance with trusted data and insights, ultimately saving them money, time, and resources.


bottom of page