Download PDF
CyberGRX > Case Studies > A Force Multiplier for Third-Party Cyber Risk Management: Blackstone's Case Study
CyberGRX Logo

A Force Multiplier for Third-Party Cyber Risk Management: Blackstone's Case Study

 A Force Multiplier for Third-Party Cyber Risk Management: Blackstone's Case Study - IoT ONE Case Study
Technology Category
  • Platform as a Service (PaaS) - Application Development Platforms
  • Sensors - Haptic Sensors
Applicable Industries
  • Telecommunications
Use Cases
  • Cybersecurity
  • Inventory Management
Services
  • Cybersecurity Services
The Challenge
Blackstone, a leading investment firm, faced a significant challenge in managing its third-party cyber risk. With a rapidly growing business, a robust vendor ecosystem, and a portfolio of over 100 companies, Blackstone needed a solution that could efficiently and effectively manage its third-party cyber risk. The existing risk management program, initiated in 2012, was based on spreadsheets and phone calls, which was not scalable to keep up with the 4 to 6 new vendors coming on board every month. This challenge was not unique to Blackstone, as their entire portfolio of companies shared the same issue. The companies were using different methodologies to support their risk programs, there was a lot of overlap among common vendors being assessed by multiple companies, and findings from assessments were rarely shared.
The Customer

Blackstone

About The Customer
Blackstone, founded in 1985, is one of the world’s leading investment firms. They seek to create positive economic impact and long-term value for their investors, the companies they invest in, and the communities in which they work. They do this by using extraordinary people and flexible capital to help companies solve problems. Blackstone has a solid ecosystem of over 3,000 vendors, while their portfolio, which includes over 100 companies, has tens of thousands of vendors. As their business grew rapidly, they faced the challenge of managing third-party cyber risk in an efficient and scalable manner.
The Solution
Blackstone turned to CyberGRX's platform to create a more efficient third-party risk management program. The platform provided Blackstone with greater insight into which risks needed to be prioritized for mitigation. It enabled Blackstone to risk rank their vendors, issue appropriately tiered assessments, and get a clear understanding of which third parties posed the greatest risk. The advanced analytics of the CyberGRX platform helped Blackstone prioritize the critical areas of risk and enabled them to have risk-based discussions with their vendors and business partners. Furthermore, once a vendor completed an assessment and posted it to the CyberGRX Exchange, that assessment became available to any one of Blackstone’s portfolio companies who were also using CyberGRX. This significantly reduced the waste and overlap of redundant assessment requests between and among Blackstone and its portfolio.
Operational Impact
  • The implementation of the CyberGRX platform has brought about significant operational improvements for Blackstone. The platform's advanced analytics have helped Blackstone prioritize critical areas of risk, enabling them to have risk-based discussions with their vendors and business partners. The CyberGRX Exchange model has also significantly reduced the waste and overlap of redundant assessment requests between and among Blackstone and its portfolio. This has allowed Blackstone to focus more resources on risk management, reduction, and mitigation efforts, rather than on the tedious work of swapping spreadsheets and making extended phone calls with vendors. Furthermore, with the CyberGRX platform up and running, Blackstone now has continuous insight into the threats posed by their ecosystem, without adding additional overhead.
Quantitative Benefit
  • CyberGRX significantly reduced the time required for Blackstone to conduct third-party cyber risk assessments.
  • In the first year partnering with CyberGRX, Blackstone anticipates it will assess 3x the number of vendors than were previously assessed.
  • Blackstone has been able to reduce the resources allocated to their previously inefficient assessment process, from 1 to .5 FTE.

Related Case Studies.

Contact us

Let's talk!

* Required
* Required
* Required
* Invalid email address
By submitting this form, you agree that IoT ONE may contact you with insights and marketing messaging.
No thanks, I don't want to receive any marketing emails from IoT ONE.
Submit

Thank you for your message!
We will contact you soon.