For supply chain cyber risk management.
A simplified approach to managing third party cyber risk that focuses on making all of your suppliers better and not just keeping an eye on a few.
For consultants &
A ready to deliver solution for consultants, advisors and professional associations that are helping directors, corporate boards or senior executives build cyber risk understanding and confidence.
Valued partners and affiliates.
CyberMetrix is proud to partner and be affiliated with some of the most respected organisations and associations in their respective industries. These relationships help us spread the word, scale delivery, and feel good just by surrounding ourselves with like-minded, good-hearted people that want a safer and more secure world too.
“It’s critical that large organisations and governments proactively work with their suppliers on improving cyber resilience that extends beyond their own walls. The return on investment from procurement-driven cyber engagement programs that utilise certification approaches like CyberMetrix’s Digital Trust Certification Program could provide an uplift to national cyber resilience that would be unprecedented.” Professor Ryan Ko
“Cyberturity delivers an educational and instructional engagement that would typically only be accessible to larger enterprises often via protracted and expensive consulting engagements.” Charles Sterner
“There is a well known gap in the support available to Australian SMEs that currently leaves them exposed to the risk of cyber attack. The Cyberturity 360 Assessment directly addresses this gap in the market and makes cyber risk assessments far more accessible to all levels of business.” Pip Wrydeman
We are working to solve.
Third-party cyber risk: Exploiting the weakest links
One of the greatest challenges large organisations and governments face is the need for higher levels of assurance and cyber resilience that extends beyond their own walls. As cyber threats grow deep within supply chains due to insecure, under-prepared partners, larger organisations need to move fast to contain this rapidly emerging third-party cyber risk.
Current third-party risk management approaches focus primarily on the assessment and management of a narrow subset of suppliers: larger, more technically-driven suppliers are identified as high-risk threats, with little or no attention being given to the supply chain as a whole, the majority of which consists of insecure and under-prepared small-to-medium enterprises (SMEs).
As bad actors and nation-states continue to search for fresh avenues of attack, SMEs have become the target of choice, providing an easy entry point for attacking larger organisations and governments from within the supply chain itself.
One of the most costly cyber attacks in history used an SME as its entry point. In 2013, U.S. retailer Target reported a massive network intrusion and theft of data, resulting in over US$260M in direct financial loss and a further US$25M in fines. The entry point? Fazio Mechanical, a small refrigeration services company, with fewer than 50 employees.
McKinsey & Company
Australian Government, Australian Signals Directorate
Forbes Media LLC
Now a ‘Top 4’ issue for corporate boards.
Managing cyber risk is a relatively new responsibility for directors, corporate boards and even risk management teams. Traditionally, responsibility for cyber security has been delegated almost exclusively to an IT function to own and manage.
This approach seemed logical, but in reality it has left organisations of all sizes under-prepared. Directors and corporate boards are becoming increasingly exposed to this risk and to the ultimate responsibility of owning and addressing it. There may also be regulatory implications depending on the industry sector the organisation operates within, especially for those facing regulatory implications under APRA, AEMO or similar.
One of the greatest challenges these leaders face is understanding the core concepts of cyber risk management and relating them back to how they can impact their organisation.
While boards and risk teams now generally accept that cyber security isn’t a problem technology alone can solve, there still remains a gap in clearly understanding why that is, what they need to know for greater confidence, and where limited resources should be focused for maximum benefit.
The Sydney Morning Herald
Australian Financial Review
McKinsey & Company