Frequently Asked Questions about CyberClarity360™

  • Q What is CyberClarity360™?
    A

    CyberClarity360™ provides an ongoing independent and objective assessment of the cyber security and resilience of your external partners.

    We’ve made cyber risk easier to understand using a score, so your decision makers can focus on meeting their business goals. Our patent pending scoring system provides complete transparency and flexibility, whilst allowing you to benefit from the collective power of the CyberClarity360™ community.

    Our unique solution helps educate and improve the cyber security and resilience of your external partners.

    Developed by Duff & Phelps’ award-winning industry thought leaders, CyberClarity360™ draws upon our deep experience helping organizations with complex global data risk challenges.


  • Q What are the benefits of CyberClarity360™ for Corporations and Providers?
    A

      For Corporations

    • Quickly understand your supply chain cyber risk
    • Strengthen relationships through greater transparency
    • Independent and objective bi-annual assessments
    • Significant cost savings
    • Reduced vendor onboarding time
    • Benchmark your third-party providers

      For Providers

    • Regular cyber resilience and data privacy assessment
    • Prioritized recommendations to help remediate vulnerabilities and reduce risk
    • Share your CyberClarity360™ Score and Assessment history for significant cost savings
    • Benchmark against peers
    • Preferred access to Duff & Phelps Global Data Risk solutions, including Incident Breach and Response advisory

  • Q How does it work?
    A

      CyberClarity360™ is designed to be simple and easy for both Corporations and Providers:

    1. Onboard Corporation
      Our Onboarding Specialist will guide you through setting up your profile and users in our secure exchange platform.
    2. Invite Providers
      New Providers are sent invitations to complete our holistic CyberClarity360™ Assessment.
    3. Complete CyberClarity360™ Assessment
      After completing the CyberClarity360™ assessment, Providers receive their CyberClarity360™ Score, detailed assessment report including prioritized remediation recommendations and benchmarks.
    4. Unlock CyberClarity360™ Score
      New and existing Providers unlock their CyberClarity360™ Score, assessment report and history for review by Corporations. Once unlocked, Corporations have continued access to monitor their Providers’ assessment information.

  • Q We already have an internal team managing information security assessments. How can CyberClarity360™ help us?
    A
    1. Reduce Cost / Increase Value of Internal Resources
      • We can significantly reduce (and potentially eliminate) your costs of conducting information security and data privacy assessments, allowing your internal team to focus on higher value tasks (e.g. onsite audits, collaborative incident response simulations) to help mitigate risk.
    2. Improve Vendor Coverage
      • Most organizations do not have sufficient resources to properly evaluate all their vendors. Our scalable solution allows you to benefit from a thorough assessment of every vendor!
      • Similarly, Providers benefit from a reduced volume of individual client questionnaires, by quickly sharing their CyberClarity360™ Score, assessment report and history with as many clients as they want. Therefore, Providers spend more time completing one assessment thoroughly, rather than rushing to get it off their desk.
      • Our assessment includes many non-technical factors (e.g. political and geographical) that affect an organization’s risk profile.
      • We assess an organization’s approach to data privacy, including compliance with GDPR.
    3. Reduce Risk
      • Our unique solution helps educate and improve the cyber security and resilience of your external partners.
      • CyberClarity360™ Providers are given a detailed assessment report that includes a breakdown of identified risks, and tailored best-practice guidance on how they should address areas of vulnerability. Our remediation advice is prioritized to those critical areas of highest risk, so Providers can focus their attention on implementing recommendations that will reduce the most risk and have the greatest impact on their CyberClarity360™ Score.

  • Q How does CyberClarity360™ help us make quicker cyber risk based decisions?
    A

    Cybersecurity is a complex subject and many decision makers struggle with interpreting the technical issues that are identified and using them to make business decisions.

    We simplified understanding cyber risk using a score. Like credit scores, the CyberClarity360™ Score allows decision makers to very quickly understand the security and data privacy posture of an organization, allowing them to focus on improving their partner relationships and meeting their business goals. At the same time, our assessment report also provides very granular information about vulnerability gaps and areas of improvement.

    Finally, we couple the CyberClarity360™ Score with information about how the Corporations use their vendors (e.g. the type of work performed or amount of business they do), which allows Corporations to make quick, context-based, data-driven decisions.


  • Q What key areas of risk does the CyberClarity360™ Assessment cover?
    A

    Developed by a multi-disciplinary team, our information security and data privacy assessment provides unique insights into organizational, political, geographical and technological risks. We leverage the NIST Cyber Security Framework, due to its openness, accessibility, public peer review and depth of technical controls.


  • Q Can CyberClarity360™ be used for GDPR compliance?
    A

    Yes. We have an entire section of our assessment specifically focused on data privacy concepts common across many jurisdictions, including the EU General Data Privacy Regulations.


  • Q Can you help us with addressing obligations under New York Department of Financial Services 23 NYCRR 500?
    A

    Yes. Our assessment can assist your organization to understand compliance of your third-party service providers pursuant to Section 500.11.


  • Q Is the CyberClarity360™ assessment transparent and objective?
    A

    Yes. For our community to trust our program and rely on it for decision making, we understand the need for complete transparency. Our assessment and scoring model is open box. We utilize a standardized testing approach and all Providers take the same assessment, which allows our clients to easily compare their scores against peers.


  • Q How often do Providers take CyberClarity360™ Assessments?
    A

    Due to the evolving nature of technology and increasing sophistication of cyber threats, CyberClarity360™ Assessments are completed by Providers at least on a semi-annual basis. In addition, Providers are under an obligation to disclose any material changes since taking their last assessment, and we may adjust scores accordingly.


  • Q What is the benefit of asking Providers to complete a self-assessment?
    A

    Today’s threat landscape includes the proliferation of ransomware attacks that are designed to maximize business disruption and can cripple an otherwise thriving business. It is therefore crucial to understand how quickly an organization can recover from an attack.

    Assessments remain one of the best ways to understand an organization’s resiliency, i.e. whether they have the necessary controls and procedures in place to quickly recover and restore their information systems following an attack. Assessment responses can also prove valuable in helping define contractual terms with external partners or adopting specific mitigation strategies.


  • Q Is the CyberClarity360™ Program based only on self-assessment?
    A

    We operate a trust-but-verify model. Unlike other products, our unique CyberClarity360™ Program includes verification of Providers’ responses each year to ensure accuracy. We perform integrity scans to ensure assessments are properly completed, random checks on Providers’ completed assessments, and checks targeting specific topic areas across Providers. Our assessment also has built-in checks to identify inconsistencies.

    Providers’ CyberClarity360™ Score may be adjusted following verification of their response. In addition, our Data Analytics Team continuously reviews Provider responses and verification reports to identify enhancements to our assessment questions and scoring model.

    Our Global Data Risk team can also provide more in-depth remote and on-site verification as needed. Please contact us for more information.


  • Q Do you offer different types of assessments (e.g. truncated) for Providers with different risk profiles?
    A

    Prioritizing and/or tiering assessments was necessary to compensate for the lack of resources to conduct thorough assessments of ALL Providers. Tiering is not necessary in our program, as our scalable solution allows you to benefit from a thorough assessment of every vendor. In addition, this allows you to quickly transition an existing vendor to higher value/risk work, without waiting to perform an additional ‘more comprehensive’ assessment.

    We understand that some of our clients have specific and unique needs, and our patent pending approach can support addendums and personalized scoring models. We would be happy to discuss your custom needs and how we can help you.


  • Q How does CyberClarity360™ help our Providers address vulnerabilities?
    A

    Our goal is to help our Providers reduce their risk of breach by improving their cyber resilience and resulting CyberClarity360™ Score. Following completion of our comprehensive CyberClarity360™ assessment, Providers can access a detailed assessment report that includes a breakdown of identified risks, and tailored best-practice guidance on how they should address areas of vulnerability. Remediation advice is prioritized to those critical areas of highest risk, so Providers can focus their attention on implementing recommendations that will reduce the most risk and have the greatest impact on their CyberClarity360™ Score.


  • Q How does your Program help with onsite visits?
    A

    Our scalable solution frees up time for your teams to manage on-site assessments, rather than spending time managing security questionnaires. Our assessment serves as an excellent tool (checklist) to prepare for on-site audits. Our Global Data Risk team can also provide more in-depth remote and on-site verification as needed. Please contact us for more information.

    We recognize that onsite audits are a significant challenge for our clients and we are already working on the next generation solution!


  • Q How do Providers share their CyberClarity360™ assessment results with their Corporations?
    A

    Our secure proprietary exchange platform enables Providers to ‘unlock’ and instantly share their CyberClarity360™ Scores and Assessment information with any Corporation in our Program. Our unique solution simplifies the security assessment process and significantly decreases the operational cost to both Corporations and Providers.


  • Q Is CyberClarity360™ secure?
    A

    Yes. We understand that the information we collect from Providers, and are entrusted with, is of a highly sensitive nature. We developed CyberClarity360™ to be secure and scalable. Our solution has achieved VerAfied Certification and we use the latest technology protocols to ensure our clients’ information remains safe, including multi-factor authentication, verification and validation of user identity, and encryption of data-at-rest and in-transit.


  • Q How much does it cost?
    A

    CyberClarity360™ offers Corporations a unique cost sharing model with phenomenal ROI compared to conducting assessments internally. Our annual subscription fees are calculated based on the number of Providers sharing their CyberClarity360™ assessment information with a Corporation. Volume-based discounts are available.

    Providers can take our independent and objective assessment, receive their CyberClarity360™ Score and prioritized remediation at no cost! Our annual subscription fees are based on the number of Corporations with whom Providers are sharing their CyberClarity360™ Assessments.

    Please contact us at 833-CC0-RISK (833-220-7475) or email us at support@cyberclarity360.com for more information about our subscription fees.


Get in Touch.

For more information contact us at 833-CC0-RISK (833-220-7475)

or email us at info@cyberclarity360.com.