It’s estimated that over 65% of security breaches are attributable to third-party failures. The pandemic has heightened the concern among legal and compliance leaders, 52% of whom worry about the risks posed by remote work.
VisibleRisk claims its cyber ratings are based on “cyber risk quantification,” which allows companies to benchmark their risks against those of peers. Combining economic, cybersecurity, and industry data, VisibleRisk aims to arrive at a holistic, validated set of factors affecting a firm’s security posture — and to quantify those risks in economic terms.
VisibleRisk offers real-time monitoring, custom reporting, and analysis, as well as transparency into the variables that determine a cyber rating. The platform takes into account multiple factors, including an organization’s susceptibility to attack given its business profile, its overall attractiveness to adversaries, and the strength of its security controls and mitigation efforts. Beyond this, VisibleRisk looks at a business’ ability to reduce and absorb the financial impact of a cyber attack through the use of mitigation activities. Insurance and cash reserves also affect cyber risk scores, as do investments in activities like third-party oversight, security culture, and crisis response.
How it works
VisibleRisk starts by understanding a company’s technology environment. After onboarding, it creates a project plan aligned with the customer’s requirements. Then VisibleRisk collects and analyzes internal and external data leveraging its toolset, applying algorithms and statistical models to generate a cyber risk rating. VisibleRisk also maps the results to commonly used frameworks so that security teams can align them with existing controls. And VisibleRisk reviews its findings with stakeholders to confirm the accuracy of the data, in collaboration with a customer’s board and executives.
For example, VisibleRisk says it worked with Arvest Bank, a U.S. regional bank, to support the organization’s shift to cyber risk quantification (CRQ). Using CRQ, Arvest collaborated with VisibleRisk to measure the frequency and impact of cyber events in the context of its governance, defensive capabilities, and threat intelligence. Arvest then began the process to catalog, prioritize, and implement controls for reducing the impact of specific scenarios.
“VisibleRisk cyber rating and monitoring platform enables business leaders to better understand and manage cyber risk as they would financial risk, quantifying it in economic terms. This allows business leaders to track their cyber risk exposure and monitor the impact of changes to technology, policies, procedures, and the broader cyber risk landscape on their overall risk profile,” VisibleRisk cofounder and CEO Derek Vadala told VentureBeat via email. “At a time of intense digital transformation and a rising tide of threats combined with hybrid working globally, confidence in a business’ digital infrastructure is paramount.”
The global cybersecurity market size is anticipated to reach $199.98 billion by 2025, according to the latest report by Market Research Future. VisibleRisk has competition in Viso Trust, which assesses third-party cybersecurity risk with AI. There’s also cybersecurity ratings platform SecurityScorecard. Another cyber risk management startup, RiskLens, recently raised $20.55 million.
For Moody’s, the investment in New York-based, 44-employee VisibleRisk, which has around 10 customers, was funded with cash on hand. Team8 also participated.
Via VentureBeat