CyberGRX Case Studies A Force Multiplier for Third-Party Cyber Risk Management: Blackstone's Case Study

Edit This Case Study Record

	A Force Multiplier for Third-Party Cyber Risk Management: Blackstone's Case Study CyberGRX

A Force Multiplier for Third-Party Cyber Risk Management: Blackstone's Case Study

CyberGRX

Technology Category	Platform as a Service (PaaS) - Application Development Platforms Sensors - Haptic Sensors
Applicable Industries	Telecommunications
Use Cases	Cybersecurity Inventory Management
Services	Cybersecurity Services
Challenge	Blackstone, a leading investment firm, faced a significant challenge in managing its third-party cyber risk. With a rapidly growing business, a robust vendor ecosystem, and a portfolio of over 100 companies, Blackstone needed a solution that could efficiently and effectively manage its third-party cyber risk. The existing risk management program, initiated in 2012, was based on spreadsheets and phone calls, which was not scalable to keep up with the 4 to 6 new vendors coming on board every month. This challenge was not unique to Blackstone, as their entire portfolio of companies shared the same issue. The companies were using different methodologies to support their risk programs, there was a lot of overlap among common vendors being assessed by multiple companies, and findings from assessments were rarely shared. Read More
About Customer	Blackstone, founded in 1985, is one of the world’s leading investment firms. They seek to create positive economic impact and long-term value for their investors, the companies they invest in, and the communities in which they work. They do this by using extraordinary people and flexible capital to help companies solve problems. Blackstone has a solid ecosystem of over 3,000 vendors, while their portfolio, which includes over 100 companies, has tens of thousands of vendors. As their business grew rapidly, they faced the challenge of managing third-party cyber risk in an efficient and scalable manner. Read More
Customer Name	Blackstone Read More
Solution	Blackstone turned to CyberGRX's platform to create a more efficient third-party risk management program. The platform provided Blackstone with greater insight into which risks needed to be prioritized for mitigation. It enabled Blackstone to risk rank their vendors, issue appropriately tiered assessments, and get a clear understanding of which third parties posed the greatest risk. The advanced analytics of the CyberGRX platform helped Blackstone prioritize the critical areas of risk and enabled them to have risk-based discussions with their vendors and business partners. Furthermore, once a vendor completed an assessment and posted it to the CyberGRX Exchange, that assessment became available to any one of Blackstone’s portfolio companies who were also using CyberGRX. This significantly reduced the waste and overlap of redundant assessment requests between and among Blackstone and its portfolio. Read More Log in to view content
Contents

Technology Category

Platform as a Service (PaaS) - Application Development Platforms

Sensors - Haptic Sensors

Applicable Industries

Telecommunications

Use Cases

Cybersecurity

Inventory Management

Services

Cybersecurity Services

Challenge

Blackstone, a leading investment firm, faced a significant challenge in managing its third-party cyber risk. With a rapidly growing business, a robust vendor ecosystem, and a portfolio of over 100 companies, Blackstone needed a solution that could efficiently and effectively manage its third-party cyber risk. The existing risk management program, initiated in 2012, was based on spreadsheets and phone calls, which was not scalable to keep up with the 4 to 6 new vendors coming on board every month. This challenge was not unique to Blackstone, as their entire portfolio of companies shared the same issue. The companies were using different methodologies to support their risk programs, there was a lot of overlap among common vendors being assessed by multiple companies, and findings from assessments were rarely shared.

About Customer

Blackstone, founded in 1985, is one of the world’s leading investment firms. They seek to create positive economic impact and long-term value for their investors, the companies they invest in, and the communities in which they work. They do this by using extraordinary people and flexible capital to help companies solve problems. Blackstone has a solid ecosystem of over 3,000 vendors, while their portfolio, which includes over 100 companies, has tens of thousands of vendors. As their business grew rapidly, they faced the challenge of managing third-party cyber risk in an efficient and scalable manner.

Customer Name

Blackstone

Solution

Blackstone turned to CyberGRX's platform to create a more efficient third-party risk management program. The platform provided Blackstone with greater insight into which risks needed to be prioritized for mitigation. It enabled Blackstone to risk rank their vendors, issue appropriately tiered assessments, and get a clear understanding of which third parties posed the greatest risk. The advanced analytics of the CyberGRX platform helped Blackstone prioritize the critical areas of risk and enabled them to have risk-based discussions with their vendors and business partners. Furthermore, once a vendor completed an assessment and posted it to the CyberGRX Exchange, that assessment became available to any one of Blackstone’s portfolio companies who were also using CyberGRX. This significantly reduced the waste and overlap of redundant assessment requests between and among Blackstone and its portfolio.

Impact #1	The implementation of the CyberGRX platform has brought about significant operational improvements for Blackstone. The platform's advanced analytics have helped Blackstone prioritize critical areas of risk, enabling them to have risk-based discussions with their vendors and business partners. The CyberGRX Exchange model has also significantly reduced the waste and overlap of redundant assessment requests between and among Blackstone and its portfolio. This has allowed Blackstone to focus more resources on risk management, reduction, and mitigation efforts, rather than on the tedious work of swapping spreadsheets and making extended phone calls with vendors. Furthermore, with the CyberGRX platform up and running, Blackstone now has continuous insight into the threats posed by their ecosystem, without adding additional overhead.

Impact #1

The implementation of the CyberGRX platform has brought about significant operational improvements for Blackstone. The platform's advanced analytics have helped Blackstone prioritize critical areas of risk, enabling them to have risk-based discussions with their vendors and business partners. The CyberGRX Exchange model has also significantly reduced the waste and overlap of redundant assessment requests between and among Blackstone and its portfolio. This has allowed Blackstone to focus more resources on risk management, reduction, and mitigation efforts, rather than on the tedious work of swapping spreadsheets and making extended phone calls with vendors. Furthermore, with the CyberGRX platform up and running, Blackstone now has continuous insight into the threats posed by their ecosystem, without adding additional overhead.

Benefit #1	CyberGRX significantly reduced the time required for Blackstone to conduct third-party cyber risk assessments.
Benefit #2	In the first year partnering with CyberGRX, Blackstone anticipates it will assess 3x the number of vendors than were previously assessed.
Benefit #3	Blackstone has been able to reduce the resources allocated to their previously inefficient assessment process, from 1 to .5 FTE.

Benefit #1

CyberGRX significantly reduced the time required for Blackstone to conduct third-party cyber risk assessments.

Benefit #2

In the first year partnering with CyberGRX, Blackstone anticipates it will assess 3x the number of vendors than were previously assessed.

Benefit #3

Blackstone has been able to reduce the resources allocated to their previously inefficient assessment process, from 1 to .5 FTE.

Download PDF Version

Overview

A Force Multiplier for Third-Party Cyber Risk Management: Blackstone's Case Study

Operational Impact

Quantitative Benefit