Recent Forrester Research Affirms RiskRecon’s Commitment to Driving Efficiency and Value to Third-Party Risk Management
Thousands of companies globally rely on RiskRecon, a Mastercard company, to gain essential insights into the hygiene of their cyber ecosystems. As a leading provider of cybersecurity ratings and insights to customers across industries – ranging from finance and insurance to aerospace and healthcare – our mission remains fixed – providing the world’s easiest method for third-party risk management (TPRM) professionals to understand and act on their third-party cyber risk.
According to findings of an independently commissioned Total Economic Impact™ (TEI) study conducted by Forrester Research on behalf of RiskRecon, organizations using RiskRecon realize an average return on investment (ROI) of 147% over a three-year period. The study also reveals that organizations using RiskRecon achieve up to 150% higher analyst productivity, empowering analysts to spend time on more strategic initiatives that drive the business forward.
Quantified Business Benefits
To understand the business benefits and cost savings that RiskRecon delivers its customers, Forrester interviewed six organizations with experience using RiskRecon and combined the results into a three-year composite organization financial analysis. The May 2021 study, “The Total Economic Impact™ Of Mastercard RiskRecon,” found that enterprises using RiskRecon accrue quantified benefits of $1.4 million, consisting of routine third-party assessment efficiencies, M&A savings through targeted efforts and automation for routine assessments and on critical vendors, higher productivity for analysts, and usability among senior leadership, among other benefits. According to the study, “[RiskRecon’s continuous monitoring] solution helps analysts measurably improve risk posture and hygiene, allowing them to focus assessment efforts where it matters most.”
RiskRecon’s customer success and satisfaction are evident in the following quantified business benefits uncovered in the study.
- Analyst Productivity – RiskRecon empowers TPRM analysts to do and achieve more with their time. By enabling analysts to identify and remediate open cybersecurity threats for their organization, resulting in analyst efficiency improvements up to 150%. In addition, organizations using RiskRecon avoided, on average, hiring 4.5 additional TPRM resources.
- Assessment Accuracy – The company’s robust continuous monitoring solution yields highly accurate and prioritized findings. RiskRecon’s accuracy attribution has been independently certified to 99.1% accuracy.
- Third-Party Assessment Efficiencies – RiskRecon’s risk priority matrix enables analysts to concentrate and prioritize efforts on their most critical vendor issues. The study found that targeting assessments cut the level of effort for assessments by 56%. In addition, the assessment efficiency is worth more than $591,000 to the composite organization.
- Avoided Third-Party Audit Savings – RiskRecon enables TPRM programs to quickly understand and act on risks that threaten their organization, third-party relationships, and subsequent supply chain. Benefits include targeted audit efforts on critical vendors and eliminated 70% of external audits.
Additional benefits of the impact of the RiskRecon investment on customers’ own and third-party security postures:
- Third-party ecosystem scores improved by an average of 30%.
- Organizations’ own self-score increased by an average of 62%.
- M&A Savings – RiskRecon enables TPRM programs to better streamline their M&A due diligence needs. With efficiency efforts in place, analysts avoid 80 hours of manual due diligence efforts per M&A event. Over three years and a cumulative total of six M&A events, M&A process automation totals nearly $22,561 in savings.
What Customers Say… Organizations across industries use RiskRecon, including finance, insurance, healthcare, energy, technology, manufacturing, life sciences, pharmaceuticals, aerospace and defense, government, and retail, along with others. Below are some benefits that our customers shared in the study.
- VP, third-party risk, financial services: “First, we chose RiskRecon because of the quality of the data. They do not source data from third parties, they crawl and compile their own data and they provide easy access to the backend data. Second was how intuitive the tool is to use; how easy it was for anyone to just go and get access to it and be productive quickly. And finally, was how responsive the whole customer service is and the interaction with them. RiskRecon was just very, very different compared to the other big providers.”
- Director of information security at a healthcare organization: “RiskRecon provides value to us for three reasons. First, it is a view into our own reporting, and it make us aware of shadow IT. Second, it shows progress of the program because it is quantifiable data. And third, it gives us the ability to put a risk factor on our third-party program. You would have to do a lot of labor to assign a risk to everyone you did business with.”
- Partner, strategic risk, professional services: “The bottom-line justification for RiskRecon is it improves your risk governance. It improves your cyber risk assessment and, therefore, improves your ability to do better risk governance.”
Download the full study here to read more customer uses cases, including benefits and drivers that led organizations to RiskRecon.