Blackstone, one of the world's leading investment firms, needed a scalable solution to manage cyber risk from its growing number of third-party vendors. It adopted CyberGRX's dynamic assessment and analytics platform. This enabled Blackstone to assess 3 times more vendors than before while reducing resources spent on assessments by 50%. The new approach allowed Blackstone to focus on true risk management rather than tedious manual tasks.
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
CyberGRX TPCRM Case Study - Blackstone
1. How a Leading Investment Firm
Assessed 3x More Vendors Than Before
Blackstone trusted CyberGRX to arm them with a modern third-
party cyber risk program. The result? A streamlined approach that
reduced resource spend by 50%, allowing Blackstone to
reallocate resources to true risk management, reduction, and
mitigation efforts - and that's not all.
2. The Company: Blackstone
Founded in 1985, Blackstone is one of
the world’s leading investment firms.
They seek to create positive economic
impact and long-term value for their
investors, the companies they invest in,
and the communities in which they work.
Blackstone has over 3,000 vendors
themselves, while their portfolio, which
includes over 100 companies, has tens of
thousands of vendors.
3. The Problem
With a steadily growing ecosystem of third
parties, Blackstone needed a streamlined,
scalable solution that could force-multiply their
third-party cyber risk management efforts.
They were onboarding 4 to 6 new vendors
every month, and static spreadsheets just
weren't cutting it.
Spreadsheet assessments and endless
phone tag couldn't keep up
Wasted time and resources
on tedious, manual tasks
Couldn't scale with vendor growth
Lack of shared insights
4. The Solution
CyberGRX’s dynamic assessments and advanced
analytics have enabled Blackstone to prioritize
critical areas of risk and allows them to have
informed, risk-based discussions with their vendors
and business partners.
Once a vendor completes an assessment on the
Exchange, it's kept up-to-date, shared with
approved partners, and significantly reduces the
waste and overlap of redundant assessment
requests between and among Blackstone and its
portfolio.
A new, game-changing approach
5. The Results
Blackstone assesses 3x the number of
vendors than previously assessed
Blackstone has been able to reduce the
resources allocated to their previously
inefficient assessment process, from 1 to
.5 FTE
Can now focus resources on true risk
management, reduction, and mitigation
efforts
"CyberGRX is a force multiplier for our
third-party cyber risk management
program. In just the first year, I
anticipate we will be able to assess 3x
more vendors than we assessed last
year and reallocate the resources
saved to true risk management and
mitigation efforts."
Adam Fletcher
Blackstone CISO