CyberGRX, the provider of a third-party cyber risk management platform, announced Tuesday (April 18) that it has raised $20 million in Series B funding.
In a press release, CyberGRX said the round was led by Bessemer Venture Partners and included participation from existing investors Aetna Ventures, Allegis Capital, ClearSky, GV (formerly Google Ventures), MassMutual Ventures, Rally Ventures, TenEleven Ventures and several other strategic investors.
CyberGRX said it will use the funding to accelerate adoption of the CyberGRX Exchange, which it claims is the world’s first global third-party cyber risk management (TPCRM) exchange.
“For an enterprise today, managing cyber risk requires visibility into the extended network of vendors who store information about us,” said David Cowan, the BVP partner joining CyberGRX’s board of directors. “The CISO’s we surveyed overwhelmingly look to CyberGRX to help them identify, assess and remediate cyber risks in their extended networks.”
According to CyberGRX, as a company’s digital ecosystem grows and becomes more interconnected, the volume and complexity of security and risks from third parties — such as contractors, vendors, partners and customers — only grows. CyberGRX cited PwC’s 2016 Global State of Information Security report, which found third-party contractors are the biggest source of security incidents outside of a company’s employees.
At the same time that the risk is increasing, the third-party cyber risk management process is largely driven by sharing spreadsheets and trusting unvalidated assessments. The CyberGRX Exchange brings efficiency to this process while providing boardroom-level information about real-time cyber risk exposure across an enterprise’s entire ecosystem of third parties, the company said in the release.
The CyberGRX Exchange was launched in March and is aimed at making it simple and cost-effective for enterprises to get up-to-date access to third parties’ cyber risk assessments. The CyberGRX Exchange delivers standardized assessments, analytics, remediation management and real-time threat intelligence updates to enterprises and their third parties.