FAIR vs Resilience
Resources

Resilience Tackles Rising Tide of Third-Party Cyber Risk With Vendor Risk Insights

With integrated Vendor Risk Report tool, customers gain unprecedented visibility into the security gaps of popular software vendors

by Whitney Glockner Black , VP, Communications
Published

SAN FRANCISCO, CA – February 5, 2025 – Resilience, the leading cyber risk solutions company, today unveiled the addition of its Vendor Risk Report (VRR) offering to the company’s integrated cyber risk management platform. The new solution enables enterprise clients to proactively tackle third-party risk by assessing the underlying security health of their most critical vendors and suppliers right within the platform. As cybercrime worsens, enterprises can now add vendor vulnerability monitoring to their cybersecurity arsenals, making it even easier to maintain a proactive, comprehensive approach to threat mitigation.

The new offering represents the latest milestone in Resilience’s track record of helping enterprises effectively manage third-party risk—and comes at a time when this threat is at an all-time high. Growing reliance on ubiquitous software vendors has enabled threat actors to exploit a single point of failure in one network and unleash a domino effect of downstream disruption. Many of the most catastrophic cyberattacks in 2024, including Change Healthcare and CDK Global, involved heavily interconnected systems. 

“Over the past year, more than a third of the claims in our portfolio were related to third-party incidents, and in a startling new trend, twenty percent of claims with covered losses in 2024 stem from a vendor related incident. Even if a company has an airtight security posture of its own, it can still be at the mercy of its partners’ vulnerabilities. But enterprises can’t mitigate third-party risk if they can’t see it,” said Ann Irvine, Chief Data and Analytics Officer at Resilience. “Our new offering solves this pain point. It builds on our long-held belief that companies need to be proactive, not reactive, in understanding exactly where their risk is and taking actionable steps to mitigate material loss.”

Existing industry solutions for managing vendor risk tend to fall short. They lack integration with their risk management platforms, slowing access to timely insights by requiring additional legwork for enterprise customers to locate siloed request forms. In contrast, Resilience’s user-friendly, integrated VRR experience lives in a centralized dashboard so clients can near-instantly view vendor risk levels and critical alerts without ever having to leave the platform. Ultimately, it provides a more complete picture of cyber risk, expanding the scope and accuracy of Resilience’s monitoring and critical alerting capabilities. More importantly, once a report has been run for a particular vendor, Resilience continually monitors that vendor for risk intelligence and keeps clients abreast of critical issues. 

Specifically, the feature includes:

  • Comprehensive risk snapshots: Each report offers a record of a vendor’s publicly observable exposures, providing a snapshot of its attack surface at a specific moment in time. Observed exposures can indicate the effectiveness of a vendor’s security controls. 
  • Summary of vulnerable digital assets: Customers can view a vendor’s exposed digital assets that attackers could target and exploit. 
  • Extensive vendor selection: Customers can seamlessly request reports for IT, security, supply chain, payroll, and other non-IT vendors. VRRs are available both for current vendors as well as those under consideration. 
  • Industry risk insight: Resilience continuously monitors attack vectors, threat actors, malicious software and tools, and exploitable vulnerabilities in a vendor’s industry. 
  • Critical real-time alerts: All added vendors are continuously monitored for risk intelligence, even if no new report is generated.

Resilience customers can request VRRs for any vendor of their choice—whether a current partner or one under consideration—directly in Resilience’s Cyber Risk Profile Builder platform and receive an automatically generated report in minutes. 

You might also like

Digital Risk: Enterprises Need More Than Cyber Insurance

Resilience Announces Organizational Promotions as Company Accelerates Growth

Resilience, the leading cyber risk company, today announced several promotions as its global growth continues to accelerate. Building on its industry-leading loss ratio, the expansion of its cyber risk management software, and its expanded appetite for its insurance offerings over the past year, these key leaders will help position the company’s evolution in 2025 and […]

FAIR vs Resilience

Threat actors exploit cybersecurity gaps from M&A and software consolidation, Resilience finds

SAN FRANCISCO, CA – August 13, 2024 – Threat actors evolved their tactics in 2024 to take advantage of business and technology consolidation, the leading cyber risk solution company Resilience found in its Midyear 2024 Cyber Risk Report. Increasing M&A and reliance on ubiquitous software vendors created new opportunities for threat actors to unleash widespread […]

Digital Risk: Enterprises Need More Than Cyber Insurance

Killian Brady Name Resilience Chief Underwriting Officer

New York, NY – July 29, 2024– Resilience, the leading cyber risk company, today has appointed Killian Brady as Chief Underwriting Officer. In the role, Brady will direct and oversee all aspects of the underwriting function for Resilience’s growing portfolio of middle market and large enterprise clients across Resilience’s Cyber and Tech E&O portfolio(s). Brady […]

FAIR vs Resilience

Resilience Named Cyber MGA of the Year in 2024 Zywave Cyber Risk Awards

SAN FRANCISCO, CA, June 17, 2024 – Resilience, the leading cyber risk solutions company, has been voted Cyber MGA of the Year in the 2024 Zywave Cyber Risk Awards. Now in their 11th year, the Cyber Risk Awards honor individuals and companies at the forefront of the cyber risk industry. More than 10,000 votes were […]

Digital Risk: Enterprises Need More Than Cyber Insurance

Resilience Launches Technology Errors & Omissions Coverage

Resilience, a leading cyber risk management firm, today announced its launch of Technology Errors & Omissions (E&O) coverage for U.S. organizations with $300M–$10B in revenue. With $10M in limits available for both primary and excess placements, the E&O addition to Resilience’s existing cyber insurance offering is poised to further help clients mitigate and cover liability arising from technology products […]