Resilience launches new tool to combat vendor cyber risk

Resilience has introduced its Vendor Risk Report (VRR) to help UK enterprises assess and mitigate risks associated with their third-party vendors.

Addressing the financial implications of cyber risk, Resilience emphasises the importance of a proactive approach to managing vendor risk, as over 47% of UK businesses reported experiencing significant disruptions due to vendor breaches last year. This statistic, revealed in a survey conducted by Resilience in partnership with YouGov, highlights the substantial gap between vendors' perceived and actual security strength.

"Over the past year, more than a third of the claims in our portfolio were related to third-party incidents, and in a startling new trend, twenty percent of claims with covered losses in 2024 stem from a vendor related incident. Even if a company has an airtight security posture of its own, it can still be at the mercy of its partners' vulnerabilities. But enterprises can't mitigate third-party risk if they can't see it," stated Ann Irvine, Chief Data and Analytics Officer at Resilience. "Our new offering solves this pain point. It builds on our long-held belief that companies need to be proactive, not reactive, in understanding exactly where their risk is and taking actionable steps to mitigate material loss."

The VRR tool allows customers to gain insights into potential vulnerabilities by integrating vendor monitoring directly within the Resilience platform. This addition seeks to offer an all-encompassing view of cybersecurity threats, providing significant advantages over existing industry solutions that require multiple platforms for risk insights.

The VRR provides comprehensive risk snapshots, summaries of digital assets at risk, and industry risk insights, in addition to real-time alerts on potential threats. These features are tailored to allow businesses to understand the vulnerabilities of vendors that could be exploited by cybercriminals. The VRR covers IT, security, supply chain, payroll, and other categories of vendors, addressing current partners and those under evaluation.

The reliance on interconnected systems has made organisations more susceptible to cascading effects of breaches, as seen in 2024 incidents with Change Healthcare and CDK Global. The introduction of the VRR represents a step forward in managing these threats by providing continuous monitoring and critical alerting capabilities.

"Existing industry solutions for managing vendor risk tend to fall short. They lack integration with their risk management platforms, slowing access to timely insights by requiring additional legwork for enterprise customers to locate siloed request forms. In contrast, Resilience's user-friendly, integrated VRR experience lives in a centralized dashboard so clients can near-instantly view vendor risk levels and critical alerts without ever having to leave the platform," noted Irvine, highlighting the operational efficiencies of the VRR.

Despite the rising threat of ransomware and other significant cyber risks, these are often underestimated by business leaders, according to Resilience. The introduction of VRR is therefore intended to empower enterprises with the tools needed to adopt a more robust cybersecurity posture.

Resilience customers can immediately request VRRs for any of their vendors of choice via the Resilience Cyber Risk Profile Builder platform, enriching their assessment capabilities with timely information and insights.