Accelerating Third-Party Risk Management with simple and effective Third-Party cyber risk scorecards

LONDON – DVV Solutions, a leading provider of Third-Party Risk Management (TPRM) and IT Security services, today partnered with Black Kite, the only provider of standards-based external cyber risk assessment and mitigation recommendations. DVV Solutions customers will now have the capability of assessing, measuring and mitigating cyber risk associated with their suppliers and third parties.

Black Kite enables enterprises to rank and understand the cyber risk for each of their suppliers, subsidiaries, and target acquisitions. Using easy-to-understand scorecards provide standards-based letter grades on various risk categories, along with data on how to mitigate each risk in priority order. DVV Solutions and their customers can use these scorecards to measure their total shared security ecosystem with their partners and suppliers, and even monitor security improvements made by partners in real-time.

“By integrating the Black Kite Cyber Security Risk Scorecards into our managed service offering, we are enabling organizations to adopt a more proactive and powerful approach to the identification, quantification, and mitigation of risks in the extended enterprise,” said Sean O’Brien, managing director of DVV Solutions. “Black Kite’s Cyber Risk Scorecards are a perfect fit for our service portfolio, delivering a proven, standard-based methodology in line with our core ‘Trust but Verify’ risk management philosophy. The addition of both the Rapid and Comprehensive Scorecards enables us to deliver a quality of analysis and time-to-value that some service providers often struggle to realize for their clients.”

Taking a standards-based approach to risk rating

Black Kite’s methodology is built upon the Cyber Threat Susceptibility Assessment (CTSA) for evaluating the susceptibility of a system to cyber-attack developed by MITRE. CTSA quantitatively assesses a system’s [in]ability to resist cyber-attack over a range of cataloged attack Tactics, Techniques, and Procedures (TTPs).

The Rapid Cyber Risk Scorecard is an affordable and effective way for security and compliance managers to obtain a real-time, on-demand assessment of cybersecurity risks and highlight key areas for further assessment and verification. The Rapid Scorecard identifies potential supply chain risk by scanning the target company’s domain name using OSINT (open-source intelligence) techniques to identify potential problems posed by suppliers and third parties without the need to touch the target company’s internal assets.

(To learn more about the MITRE standards Black Kite’s developers follow, see the links on Common Weakness Risk Analysis Framework, Common Weakness Scoring System (CWSS™), The Common Attack Pattern Enumeration and Classification (CAPEC™), and Common Weakness Enumeration (CWE™)).

A partnership for success

“We are delighted to be working in partnership with DVV Solutions, as we expand our reach across the EMEA region.” said Mohamoud Jibrell, CEO and co-founder at Black Kite.  “DVV Solutions bring extensive knowledge of TPRM, especially in the application of Third-Party risk assessment and scoring to create intelligence that adds real value to our customers’ risk management programs.”

About DVV Solutions

Established in 1999, we have become one of the UK’s leading managed service providers in the design, implementation and management of Third-Party risk management solutions. Our suite of consultative and managed services delivers significant improvements in

– developing and maturing current risk methodologies and frameworks,
– scaling resources to supplement and enhance existing risk assessment programs, and
– delivering time and cost efficiencies through established best-practice and workflow automation

to enable risk assurance teams to spend more time on what’s important: eliminating control gaps, raising security standards, and reducing overall risk.

Find out more at

About Black Kite

Black Kite enables enterprises to assess, prioritize, and address the third-party cyber risk of any company, anywhere within 60 seconds. Using easy-to-understand scorecards, we provide standards-based letter grades on various risk categories, along with data on how to mitigate each risk in priority order. Black Kite provides the speed, standards, and substance needed to combat the newest risks and threats facing organizations today.

Learn more at

You can visit with Black Kite representatives during Infosecurity Europe, June 4-6, at Stand L150.

For more information, contact Adam Benson, [email protected], 202.999.9104 or Duncan Reed, [email protected], +44 (0) 161 476 8700.