The Bedrock of Effective TPRM? Quality Data

Written By: Candan Bolukbas

Imagine you’re watching a basketball game on TV. There are 10 minutes left, and your team is only ahead by two points. If you flipped the TV off now, would you go out and tell everyone that your team won the game? 

Probably not! Without accurate, complete, and updated information on the last 10 minutes, you probably wouldn’t feel confident predicting and boasting about the game’s outcome.

The stakes are different, but the concept is the same when it comes to third-party risk management (TPRM). Having high-quality, reliable, and complete data powering your TPRM tools and strategy is essential for good decision-making and daily operations. 

However, not all data is created equally. Incomplete, inaccurate, or outdated data can hinder the effectiveness of your TPRM program and even put your company at risk. That’s why data quality risk management is so important. Read on to learn what distinguishes quality data, how to implement data quality control processes, and why Black Kite provides the most trustworthy data in the industry.

What Does Quality Data Look Like? And Why Is it Important?

Today, a high quantity of data isn’t enough. You need quantity and quality data to meet evolving regulatory requirements, make informed risk decisions, and even empower sophisticated business applications, such as predictive analytics. 

So with the flood of data generated daily, how can you determine what data is good and what’s not? When it comes to data for third-party risk management, Black Kite defines quality data as having the following characteristics: 

• Accurate: Accurate data is free from errors; what you read in your intelligence reports aligns with what’s in the real world. At Black Kite, we observe that data from a single source is, on average, 70% accurate or 30% false positives. For better accuracy, you must draw on and cross-validate data from multiple sources. 
• Timely: The world of cybersecurity moves fast, and data can quickly lose value. The most impactful, quality data is updated regularly. Outdated data can lead to decisions based on obsolete information.
• Complete: Data for an assessment should cover the vast majority of a target company’s assets and not include any findings belonging to other companies. In other words, the scoring system should be highly reliable (i.e., have a high true positive rate) and highly consistent (i.e. have a low false negative rate). The image below shows a reliable and accurate assessment with low false-negative results and high true-positive results.

What Data Quality Processes Should We Follow?

Most data today is low quality. Low-quality data is outdated, incorrect (unintentionally or maliciously), and can lead to false conclusions. So how can you ensure your company is using quality data that’s accurate, complete, and timely? 

Here are three best practices to follow to improve the quality of the data in your third-party risk management program: 

• Cross-validate your data: You must collect and cross-validate data from multiple sources to cut out extraneous, inconsistent, or dubious information (noise) and pinpoint the data that’s accurate (signal). 
• Update your data regularly: To keep your data fresh and relevant, it must be updated weekly, at a minimum. 
• Verify your data sources: To reduce your chances of being duped by false data, vet your sources. For example, investigate whether your data source has a track record of providing accurate and reliable data.

Why Black Kite’s Data Is the Most Reliable in the Industry

At Black Kite, we pride ourselves on providing cyber risk detection and intelligence tools built on some of the most reliable and high-quality data in the industry. Here’s why you can trust our data quality for risk management:

• We cross-validate all data for better accuracy. We cross-validate all data across three different sources. We only keep data that at least two sources can verify. This increases our average data accuracy to above 97%. 
• We update our data regularly. At Black Kite, we update data weekly, at the minimum. When it comes to significant security events (such as the MOVEit breach in 2023), we strive to update our data as soon as possible (often within 24-48 hours) so our customers are always working from the latest intel. 
• We have the lowest false positive to false negative rates ratio: We maintain an exceptionally low ratio of false positives to false negatives, ensuring high data accuracy and comprehensive risk detection. A false positive is akin to a false alarm; our low rate of 3% signifies that our data is 97% accurate on average. Conversely, a false negative means a missed risk; our low rate of 5% indicates we identify the vast majority of risks. Essentially, Black Kite achieves 95% risk discovery with 97% accuracy, providing reliable and thorough risk assessments.
• We normalize our data. At Black Kite, we’re the only organization using industry standards (e.g., MITRE, NIST) to translate raw data into contextualized risk intelligence. In other words, we make sure data is presented in a format and language that everyone in the industry can understand.

“Black Kite’s unique focus on standards-based ratings tackles the industry’s ratings integrity problem head-on. It’s the only vendor in this evaluation whose customers were unanimously satisfied with its rating accuracy.” The Forrester Wave™: Cybersecurity Risk Ratings Platforms, Q2 2024

Get Proactive and Gain Control with Black Kite

Managing your cyber ecosystem can be tough. The cyber landscape constantly changes, with bad actors lurking in blind spots. Sorting through the sheer amount of data collected every day and determining what’s credible is a challenge for many teams.

That’s where Black Kite comes in. Black Kite offers a scalable platform built on trustworthy and complete data for risk management, so you can illuminate all risks within your entire cyber ecosystem, without the hassle. 

If you want to know exactly where your data comes from when using Black Kite, read more about our methodology.