Thu, May 16, 2019

Case Study: Third-Party Cyber Risk Assessment Velocity Increased 400%

Using CyberClarity360™, a large insurance company was able to significantly increase the speed of its cyber risk assessments of a global portfolio comprising hundreds of outside law firms. In addition to the increased assessment efficiency, the company was able to deliver a holistic report to each partner law firm, outlining the firm’s performance relative to the NIST Cybersecurity Framework, peer benchmarking and performance data, as well as targeted remediation advice for any identified gaps.

As a result, the entire legal portfolio can now be evaluated at a fraction of the time, cost and effort the company was investing to perform the same work on only a subset of the portfolio. CyberClarity360 enables the company to make transparent risk-based decisions about its data and its legal vendors, implement compensating controls consistent with internal risk management methodologies, deploy and track remediation planning, and ensure that business owners fully understand the risks of their outside engagements.

The Situation

Faced with significant friction around its existing third-party cyber risk assessment methodology and with regulatory pressure, a large insurance company needed to deliver an enhanced evaluation of its hundreds of outside law firms. Previous assessment processes took three to six months to evaluate a single firm, requiring significant human capital from several business units (IT, risk, cyber, etc.) within the enterprise to complete a single assessment.

The Solution

CyberClarity360 provided a seamless solution to gain visibility into the organization’s third-party cyber risk. Built on the NIST Cybersecurity Framework, CyberClarity360’s maturity-based assessment methodology, evidence collection capabilities and algorithmic validation mechanisms ensured consistent results, with prompt and actionable mitigation steps. In combination with our suite of managed services, this solution now empowers the company’s security teams to move faster and support the entire third-party risk management lifecycle.

The Result

Leveraging CyberClarity360 and managed services from Kroll, a division of Duff & Phelps, the company increased its assessment throughput by 400% while simultaneously achieving regulatory compliance; gaining additional insight into the risk posture of its outside law firms; aligning its own risk methodology with the overall corporate risk framework; and significantly reducing the human capital previously required in such processes.

The Kroll Difference

Built from the ground up to deliver an industry-leading combination of velocity, breadth and depth, CyberClarity360 enabled the company to fully understand its third-party cyber supply chain risk. Backed by hundreds of cyber professionals who respond to thousands of incidents every year, CyberClarity360 incorporates global regulatory standards as well as industry best practices into a software-enabled assessment platform. The solution, in combination with managed services, supercharges the entirety of the third-party risk management lifecycle, and includes collection, validation, virtual or on-site audits, risk identification, remediation planning and ongoing monitoring.
