Contact Us

Contact Us

Please get in touch using the form below

1000 characters left
View our privacy policy

Overview

Assess, identify and remediate third party security risks with confidence

While third parties can add great value to your organisation, they also present significant security risks. In a 2021 report by the Ponemon Instite and SecureLink, 74% of companies breached within the previous 12 months stated that the cause was granting too much privileged access to third parties.

When an incident affects your customers, it won’t matter if the root cause was a third party – your organisation will be held accountable for the consequences. With your reputation and revenue on the line, how are you managing third party security risks?

Kroll’s third party cyber risk management services provide multidirectional insight to support robust cyber security strategies and meet regulatory requirements. Services include:

Clarity360™ platform
Strategic program advice
Security program assessment

Clarity360™

Clarity360™ third party cyber risk management platform

Clarity360™ is a field-proven solution trusted by some of the world’s largest organisations to deliver key advantages for managing third-party cyber risk.

Clarity360 streamlines decision-making and simplifies the process of understanding the cyber security and resilience of external partners. Clarity360 quantifies cyber risk through a transparent scoring and analysis system designed to deliver unique insights, better inform risk-related decisions and offer perspectives on often overlooked areas.

Increase velocity and reach

Automate assessment collection to reach more vendors in less time

Validate responses

Smart algorithms uncover incomplete and inconsistent answers

Identify compliance and control gaps

Map assessment results against security and regulatory frameworks, such as NIST CSF and CIS, to identify control gaps

Generate and track remediation

Tailored remediation advice and remediation validation

Real-time risk monitoring

Live dashboards and reporting capabilities, risk disposition and acceptance tracking

Features

Supply chain due diligence service features

Dark web monitoring

Our dark web monitoring services enable organisations to proactively monitor, detect and respond to threats virtually anywhere – on endpoints and throughout the surface, deep and dark web.

Strategic program advice

We provide advisory services to support organisations with their cyber security strategy, including program setup, assessment guidance, remediation management, risk committee meetings, evaluation of on-premise and cloud-based security solutions and incident response planning.

Cyber security program assessment

We can undertake a detailed assessment of the maturity of the third party’s security program and its ability to defend against and respond to cyber security threats. We work to standard security frameworks such as NIST, CIS Controls™ and ISO and can support regulatory requirements including HIPAA, SEC and GDPR.

Penetration testing

The goal of a penetration test is to simulate a real-world attack by attempting to gain access to corporate assets from the internet. Our pen testing services include investigations to identify publicly accessible information that may aid in the attack, as well as targeted phishing exercises.

Vulnerability assessment

The goal of a vulnerability assessment is to assess whether there are any security vulnerabilities which may be exploitable by attackers. Kroll harnesses advanced vulnerability assessment tools to identify potential security vulnerabilities in the corporate environment.

Global risk management expertise

Our end-to-end third party cyber risk management platform solutions are powered by our unrivalled expertise in cyber risk management and the insight acquired by handling more than 3,200 cyber incidents every year. Many of our risk professionals bring years of unique experience in a variety of industries as well as from former service with law enforcement and regulatory agencies.

Find out more

Get in touch

FAQ

Supply chain due diligence FAQs

What is third party cyber risk?

Third party or supply chain risk is any type of risk presented to an organisation by its supply chain or other external parties with access to its data, systems or privileged information. This could be a data breach, organisational damage, IP theft or other security incident. Third parties include vendors, suppliers, consultants and contractors.

What is third party risk management?

Third party risk management (TPRM) is a type of risk management which looks specifically at identifying and reducing the risks related to the use of third parties. It gives organisations an in-depth understanding of the third parties they work with and the quality of the safeguards those third parties have in place. The specific nature and scope of a third-party risk management program will be defined by each particular organisation.

Which type of third party risk do organisations often overlook?

Managing third party risk should not be regarded as a “set-and-forget” security practice. Many organisations fail to recognise the importance of regularly reviewing the risks within their supply chain. They also overlook the fact that different types of relationships with the same vendor can create different levels of risk. Organisations are also vulnerable when a lack of resources or traceability means that they are unable to keep up with tracking and assessing their supply chain risk.

Which risks can third party cyber due diligence protect my organisation from?

Supply chain due diligence can significantly reduce, mitigate or remediate many types of risks created by third party relationships, including:

  • Credential theft
  • Data exfiltration
  • Intellectual Property (IP) theft
  • Network Intrusion
  • Spear phishing
When is a good time for an organisation to undertake third party due diligence?

Because no organisation works in isolation, it is critical to undertake third party due diligence practices on an ongoing basis. In addition to this, organisations should conduct checks when embarking on working with a new vendor or supplier. Companies should also complete checks when making changes to high-risk aspects of the business in order to protect against the fraudulent interception of goods or payments.

How can I minimise third party risk?

An effective third party risk management program is critical to effectively managing and mitigating third party risk. It should provide a comprehensive insight of the many different areas which can create risk and assess areas such as vendor risk management, a consideration of fourth parties (your third party’s own third parties) and creating and maintaining a vendor assessment process.

What we do

Comprehensive support to mitigate the potential risks in your supply chain

Protect your reputation and bottom line with Kroll’s third party cyber risk management services. Benefit from our powerful blend of unique insight gained from in-house experience of managing third-party risk and handling more than 3,000 diverse cyber incidents every year, supported by today’s most advanced technology.

We can help you assess, identify and remediate with confidence and can deploy remote solutions quickly and/or be onsite within hours.

Common types of risk our supply chain due diligence services can defend against:

  • Credential theft
  • Data exfiltration
  • IP theft
  • Network intrusion
  • Spear phishing

About us

Why choose Kroll?

  • Flexible, on-demand services
  • Recognised by CREST and the PCI Council
  • Global team of cyber risk experts
  • >3,200 security incidents responded to every year

Get in touch

Complete the form for a prompt response from our team.

Two Redscan team members analysing cyber security intelligence

1000 characters left
View our privacy policy

Resources

Discover our latest content and resources

From the blog
From the blog Case studies Latest news
18th March 2024
Prioritise the security of perimeter products, says NCSC
Securing perimeter products must be a priority for organisations as threat actors are increasingly targeting insecure self-hosted products at the corporate network perimeter, according to the UK's National Cyber Security Centre (NCSC).
4th March 2024
Insider threats an increasing concern for UK companies
More than half of UK business decision-makers surveyed for a new study stated that they were concerned about the likelihood of their employees being approached by cybercriminals, leading to a rise in insider threats.    
26th February 2024
78% of organisations hit by repeat ransomware attacks after paying
A new report shows that almost four in five organisations that paid a ransom demand were hit by a second ransomware attack, often by the same threat actor. Almost two-thirds (63%) of those organizations were asked to pay more the second time.
19th February 2024
UK companies lost £31bn due to security breaches in 2023
More than 1.5 million UK businesses were compromised by threat actors in 2023, with a total cost of more than £31.5bn, according to new research.