SAN FRANCISCO, CA – February 5, 2025 – Resilience, the leading cyber risk solutions company, today unveiled the addition of its Vendor Risk Report (VRR) offering to the company’s integrated cyber risk management platform. The new solution enables enterprise clients to proactively tackle third-party risk by assessing the underlying security health of their most critical vendors and suppliers right within the platform. As cybercrime worsens, enterprises can now add vendor vulnerability monitoring to their cybersecurity arsenals, making it even easier to maintain a proactive, comprehensive approach to threat mitigation.
The new offering represents the latest milestone in Resilience’s track record of helping enterprises effectively manage third-party risk—and comes at a time when this threat is at an all-time high. Growing reliance on ubiquitous software vendors has enabled threat actors to exploit a single point of failure in one network and unleash a domino effect of downstream disruption. Many of the most catastrophic cyberattacks in 2024, including Change Healthcare and CDK Global, involved heavily interconnected systems.
“Over the past year, more than a third of the claims in our portfolio were related to third-party incidents, and in a startling new trend, twenty percent of claims with covered losses in 2024 stem from a vendor-related incident. Even if a company has an airtight security posture of its own, it can still be at the mercy of its partners’ vulnerabilities. But enterprises can’t mitigate third-party risk if they can’t see it,” said Ann Irvine, Chief Data and Analytics Officer at Resilience. “Our new offering solves this pain point. It builds on our long-held belief that companies need to be proactive, not reactive, in understanding exactly where their risk is and taking actionable steps to mitigate material loss.”
Existing industry solutions for managing vendor risk tend to fall short. They lack integration with their risk management platforms, slowing access to timely insights by requiring additional legwork for enterprise customers to locate siloed request forms. In contrast, Resilience’s user-friendly, integrated VRR experience lives in a centralized dashboard so clients can near-instantly view vendor risk levels and critical alerts without ever having to leave the platform. Ultimately, it provides a more complete picture of cyber risk, expanding the scope and accuracy of Resilience’s monitoring and critical alerting capabilities. More importantly, once a report has been run for a particular vendor, Resilience continually monitors that vendor for risk intelligence and keeps clients abreast of critical issues.
Specifically, the feature includes:
- Comprehensive risk snapshots: Each report offers a record of a vendor’s publicly observable exposures, providing a snapshot of its attack surface at a specific moment in time. Observed exposures can indicate the effectiveness of a vendor’s security controls.
- Summary of vulnerable digital assets: Customers can view a vendor’s exposed digital assets that attackers could target and exploit.
- Extensive vendor selection: Customers can seamlessly request reports for IT, security, supply chain, payroll, and other non-IT vendors. VRRs are available both for current vendors and for those under consideration.
- Industry risk insight: Resilience continuously monitors attack vectors, threat actors, malicious software and tools, and exploitable vulnerabilities in a vendor’s industry.
- Critical real-time alerts: All added vendors are continuously monitored for risk intelligence, even if no new report is generated.
Resilience customers can request VRRs for any vendor of their choice—whether a current partner or one under consideration—directly in Resilience’s Cyber Risk Profile Builder platform and receive an automatically generated report in minutes.