Optimised Third-Party Cyber Risk Management Programmes
Identify and remediate cybersecurity risks inherent in third-party relationships, helping achieve compliance with both global and APAC regional regulations such as PDPA, MAS TRM, PDPO, RMIT, GDPR, and more.
Third-party relationships can add significant value to a business, but they can also come with their own set of risks. When an incident impacts a company’s clients, it doesn’t matter if it was caused by a third party – customers will hold an organisation responsible for the harm. When a company’s reputation and financial stability are on the line, they need to have a handle on managing third-party cybersecurity risks. They need an understanding of the cybersecurity and resilience of their third parties. Most importantly, they need to know whether a third-party partner is providing adequate security and protection for their sensitive data.
Kroll's Third-Party Cyber Risk Management (TPCRM) services can provide a comprehensive view of risks that supports robust cybersecurity strategies and regulatory compliance. Our team has unique insight that can only be obtained from in-house experience managing third-party risk and responding to over 3,000 different cyber incidents a year using cutting-edge technology.
All TPCRM solutions offered by Kroll are designed to be transparent and produce actionable solutions. Our practical approach ensures clients have the strategic foundation they need to strengthen relationships and improve confidence in partnerships with vendors and other third parties.
Third-Party Cyber Risk Management: Objective and Expert Guidance
We’ve designed our vendor risk management services to deliver an in-depth evaluation of the security risks posed by third-party organisations. Our core services are listed below.
CyberClarity360™ Third-Party Cyber Risk Management Platform
CyberClarity360™ is a highly advanced technology solution that helps organisations assess and monitor the security and resilience of their third-party partners. The CyberClarity360™ platform quantifies cyber risks through a transparent scoring and analysis system designed to deliver unique insights and identify areas of risk that might otherwise be overlooked – both at the control level and on a portfolio-wide basis – to help organisations make informed decisions.
CyberClarity360 is a widely recognised solution trusted by some of the largest organisations in the world – including companies listed on the Fortune 50 and FTSE 100 – to effectively manage third-party cyber risks.
- Increase Velocity and Reach: Automated collection of assessments reaches more vendors in a shorter period of time
- Validate Responses: Smart algorithms highlight incomplete and inconsistent responses
- Identify Compliance and Control Gaps: Map assessment results against recognised security and regulatory frameworks, including NIST CSF and CIS, to identify control gaps
- Generate and Track Remediation: Receive tailored remediation advice and validation
- Real-Time Risk Monitoring: Live dashboards and reporting to track risk disposition and acceptance
By using CyberDetectER® DarkWeb to track third-party data on the dark web, an organisation can potentially identify exposures stemming from vendors, suppliers, or other third-party partners.
For example, CyberDetectER DarkWeb detected the disclosure of some highly confidential and privileged documents belonging to a Kroll client, a Fortune 100 global financial services firm, on public peer-to-peer (P2P) file-sharing networks. Our team traced the source of the disclosure and determined that a paralegal at one of the client's outside law firms had unintentionally disclosed the information while accessing free media on P2P networks. Had these files remained accessible, they could have lost their privileged classification and become subject to discovery by opposing counsel, potentially exposing the client’s legal strategy.
Strategic Program Advice
Kroll offers advisory services in Singapore, Hong Kong, across Asia and worldwide to support CISOs and organisations in developing their cybersecurity strategies and programmes. We also assist with setting up and monitoring TPCRM programmes, providing security assessments and remediation guidance, assessing on-premises and cloud security solutions, mapping data, developing incident response plans, training personnel and other services related to third-party risks.
Cybersecurity Program Evaluation
We will perform a comprehensive assessment of a third party's security programme, focusing on its ability to defend against and respond to cyber threats and to mitigate the risk of suffering a security breach. Kroll assesses against industry-standard security frameworks – including NIST, CIS Controls™, ISO, etc. – and against compliance with relevant regulatory requirements, including Singapore’s Personal Data Protection Act (PDPA) and the Monetary Authority of Singapore’s Technology Risk Management Guidelines (MAS TRM); Hong Kong’s Personal Data (Privacy) Ordinance (PDPO); Bank Negara Malaysia’s Risk Management in Technology policy (RMIT); and the EU General Data Protection Regulation (GDPR), among others.
Our penetration tests are designed to simulate real-world attack scenarios to attempt unauthorised access to an organisation’s assets. As part of the testing, we conduct internet reconnaissance to identify publicly accessible information that might aid an attack. Targeted phishing exercises are also included.
Kroll’s vulnerability tests determine whether there are vulnerabilities in an organisation’s data security program that could be exploited by attackers. We use state-of-the-art vulnerability assessment tools to identify potential security weaknesses in the organisation’s environment.
Global Risk Management Expertise
The success of Kroll’s end-to-end TPCRM solutions is fuelled by our unrivalled expertise in cyber risk management and the frontline insights obtained by responding to more than 3,000 cyber incidents a year. Our clients also benefit from our vast experience ensuring compliance with a host of regulatory systems, including European data protection laws, US HIPAA, PCI DSS, CASL, and Hong Kong's DPO Principle 4, among others. The professionals on Kroll’s Cyber Risk team have decades of experience handling data security in a wide range of industries and serving in a number of international law enforcement and regulatory agencies:
- Hong Kong Police Force
- Federal Bureau of Investigation (FBI)
- U.S. Department of Justice (DOJ)
- UK Intelligence and Policing
- Securities and Exchange Commission (SEC)
- U.S. Department of Homeland Security (DHS)
- U.S. Secret Service (USSS)
- U.S. Attorney's Office