Thu, Jul 30, 2020

CyberClarity360 Express Helps Fortune 25 Technology Client Identify and Prioritize Legal Vendor Cyber Risk

With the rapid increase in remote working during the COVID-19 pandemic and elevated cyberattacks against professional services firms, a Fortune 25 software company sought to understand the cyber risk exposure across its portfolio of intellectual property (IP) law firms within a limited time window. It used Kroll CyberClarity360™ Express to rapidly and non-invasively evaluate nearly 60 firms worldwide within a matter of days.

Kroll CyberClarity360 Express requires no action from either the client or the firms to assess cyber risk exposure through the eyes of an attacker. The algorithmic ranking and analysis engine identified high, medium and low risk firms, and delivered prioritized remediation advice for each risk pool, allowing the client to move forward in their vendor cyber risk management efforts with confidence.

The Situation

Despite having internal vendor acquisition processes in place, previous assessments for approximately 60 IP law firms in North America, Europe and Asia were limited to self-attestations of 100% compliance, without validation or prioritization. This methodology did not reflect recent changes in the threat landscape brought on by the global COVID-19 pandemic. Instead of engaging each firm directly, which would demand a significant amount of time and resources, the client turned to CyberClarity360 Express.

The Solution

Designed to understand cyber risk exposure with high velocity and low friction, CyberClarity360 Express empowers organizations to move faster when identifying risk and increases their ability to manage legal vendor cyber risk across the entire relationship lifecycle. In this specific engagement, CyberClarity360 Express identified the size and scope of each firm’s digital presence, noting weaknesses in software patching, encryption or login pages, and surfaced firm usernames and passwords being openly trafficked by malicious actors. The algorithmic engine calculated a risk score for each firm against not only their absolute performance, but also their performance relative to industry peers.

The Result

CyberClarity360 Express assessed the entire portfolio of approximately 60 IP firms in less than a week. Data volumes exchanged with each firm, represented by active matters, were cross-referenced against cyber risk exposure, enabling Express to identify firms as high, medium or low risk. Each risk group received a comprehensive action plan, prioritized against known cyber risks. Tailoring diligence efforts based on quantifiable cyber risk exposure empowered the client to gain buy-in from both internal and external stakeholders as they moved forward with their action plans.

The Kroll Difference

Built from the ground up to deliver an industry-leading combination of velocity, breadth and depth, Kroll CyberClarity360 Express enables clients to fully understand their third-party cyber supply chain risk. Backed by hundreds of cyber professionals, and frontline insight gained from thousands of cyber investigations per year, CyberClarity360 Express incorporates global regulatory standards and industry best practices into a software-enabled assessment platform. This software, in combination with managed services, supercharges the entirety of the third-party risk management lifecycle, including collection, validation, virtual or on-site audits, risk identification, remediation planning and ongoing monitoring.

Learn more about CyberClarity360 Express and the Kroll difference at
