As cyber threats escalate, organisations increasingly rely on software vendors and interconnected systems, creating vulnerabilities that cybercriminals can exploit.
Resilience says its new VRR tool provides real-time visibility into security gaps, allowing businesses to evaluate the cyber health of critical vendors and suppliers directly within the company’s risk management platform.
The launch comes amid a surge in third-party cyberattacks, with high-profile breaches in 2024—including incidents at Change Healthcare and CDK Global—demonstrating how vulnerabilities in widely used software can trigger cascading disruptions across industries.
By integrating vendor vulnerability monitoring, Resilience aims to provide enterprises with a proactive defense strategy, ensuring a comprehensive approach to cyber risk management in an era of heightened digital threats.
“Over the past year, more than a third of the claims in our portfolio were related to third-party incidents, and in a startling new trend, twenty percent of claims with covered losses in 2024 stem from a vendor-related incident. Even if a company has an airtight security posture of its own, it can still be at the mercy of its partners’ vulnerabilities. But enterprises can’t mitigate third-party risk if they can’t see it,” said Ann Irvine, Chief Data and Analytics Officer at Resilience.
“Our new offering solves this pain point. It builds on our long-held belief that companies need to be proactive, not reactive, in understanding exactly where their risk is and taking actionable steps to mitigate material loss.”
Existing industry solutions for managing vendor risk tend to fall short. They are not integrated with risk management platforms, which slows access to timely insights because enterprise customers must do additional legwork to locate siloed request forms. In contrast, Resilience’s user-friendly, integrated VRR experience lives in a centralized dashboard so clients can near-instantly view vendor risk levels and critical alerts without ever having to leave the platform. Ultimately, it provides a more complete picture of cyber risk, expanding the scope and accuracy of Resilience’s monitoring and critical alerting capabilities. More importantly, once a report has been run for a particular vendor, Resilience continually monitors that vendor for risk intelligence and keeps clients abreast of critical issues.
Specifically, the feature includes:
- Comprehensive risk snapshots: Each report offers a record of a vendor’s publicly observable exposures, providing a snapshot of its attack surface at a specific moment in time. Observed exposures can indicate the effectiveness of a vendor’s security controls.
- Summary of vulnerable digital assets: Customers can view a vendor’s exposed digital assets that attackers could target and exploit.
- Extensive vendor selection: Customers can seamlessly request reports for IT, security, supply chain, payroll, and other non-IT vendors. VRRs are available both for current vendors and for those under consideration.
- Industry risk insight: Resilience continuously monitors attack vectors, threat actors, malicious software and tools, and exploitable vulnerabilities in a vendor’s industry.
- Critical real-time alerts: All added vendors are continuously monitored for risk intelligence, even if no new report is generated.