SecurityScorecard Admits That Third Party Risk Management Is Hard and Announces Professional Advisory Services
SecurityScorecard has announced the availability of new professional advisory services to help customers consume its vendor cyber risk rating product. In doing so, it is tacitly admitting that risk ratings are not the easy solution they’ve been hyped to be.
On March 21, 2019 SecurityScorecard announced three new services that provide customers with access to advisors to help them conduct vendor security assessments.
“As the first to market with a professional services offering, SecurityScorecard was founded on a customer-centric approach to providing the most seamless and easy to implement security ratings platform in the world,” said Aleksandr Yampolskiy, CEO of SecurityScorecard. “With the addition of professional services to our award winning security ratings platform, SecurityScorecard is doubling down on our customer-centric commitment and plan to continue adding to these professional services to give our global customers cutting-edge insights and advice from trained security professionals.”
Our Take
Vendor cyber risk ratings continue to grow in popularity, but they are not the simple solution to the third-party risk management problem that vendors would have us believe. SecurityScorecard’s announcement is a tacit admission to that fact, and it is very likely that BitSight and other major players in this space will soon follow suit.
Customers may find some value in these advisory services, but they should be cautious about building a program around a specific product. Info-Tech’s advice is to build the program and then find products that make the program more efficient and effective.