Black Kite Introduces Open FAIR™-Based Risk Assessments, Expanding Its Cyber Risk Quantification (CRQ) Offering

BOSTON, MA – March 17, 2026 – Black Kite, the leader in third-party cyber risk management, today announced the release of Open FAIR™-Based Risk Assessments, which extends its CRQ capabilities to its AI-powered cyber assessment offering. Black Kite fully automates the calculation of probable financial impact in the event of a data breach, ransomware attack, or business disruption scenario using the industry-leading Open FAIR™ methodology, eliminating the complexity and manual effort typically associated with CRQ analysis. This latest release brings CRQ directly into the cyber risk assessment workflow, enabling customers to instantly calculate financial risk during onboarding and periodic risk reviews.

“While technical data will remain foundational, we see the future of third-party risk management being led by financial risk, which will become the key metric for decision making, increasingly shaped by board-level expectations,” said Chuck Schauber, Chief Product Officer, Black Kite. “Future risk decisions, from onboarding and renewals to insurance strategy, will be led by probable financial loss. With Black Kite’s newest capability, risk quantification analysis is now automated as part of the assessment workflow, so that risk leaders can instantly weigh risk versus revenue without manual analysis.”

As the industry’s first provider to automate Cyber Risk Quantification (CRQ) for third-party risk management, Black Kite has long delivered real-time CRQ through its continuous monitoring offering. These insights help risk teams prioritize remediation efforts and vendor outreach, and clearly communicate risk and program success to executive and business stakeholders.

By introducing Open FAIR™-based risk quantification into the assessment workflow, customers can model onboarding decisions through “what-if” analysis. For example, they can simulate how sharing more or fewer records with a vendor impacts financial risk so that they can set clear vendor approval conditions. Additionally, customers are able to view real-time CRQ alongside assessment-based CRQ captured at onboarding and during periodic risk reviews to track how vendor risk is trending over time. 

Customer key benefits include:

• Turn risk decisions into business decisions: Instantly quantify a company’s financial risk during onboarding and annual assessments to inform vendor selection, renewal decisions, and even insurance underwriting. 
• Clearer vendor comparisons: Use a consistent financial risk language (e.g., “Are we willing to accept $10M vs. $2M of cyber risk in a ransomware scenario?”) to objectively compare vendors and select the best option.
• Understand risk trends over time: Track how a vendor’s financial risk changes by comparing point-in-time CRQ from assessments with real-time CRQ from continuous monitoring to get a high-level understanding of vendor maturity, remediation progress, and the impact of outreach campaigns over time.
• Model scenarios with full customization: Adjust model inputs to test different decision conditions, like onboarding a vendor only if data access is limited, and see how each scenario changes probable financial impact.

Open FAIR™-Based Risk Assessments key features include:

• Automated FAIR model population: Never start with a blank model with Open FAIR™ factors that are automatically populated and enhanced by assessment responses, uploaded documentation, and insights from continuous monitoring. 
• Assessment-based private modeling: Run private, assessment-specific analysis to estimate probable financial risk impact at key moments, such as onboarding, renewal, post major outreach campaign, and more.  
• Full customization: Customize exposure metrics and FAIR inputs across key scenarios or entirely custom scenarios to test different assumptions. 

For more information, visit https://blackkite.com/platform/financial-impact. 

About Black Kite

Black Kite is the AI-native third-party cyber risk management platform trusted by over 3,000 customers to manage every supplier and every risk across their extended ecosystem. Powered by the industry’s highest-quality risk intelligence, spanning over 40 million companies, Black Kite is differentiated by the accuracy, transparency, and actionability of its data. The platform automates vendor monitoring and risk assessments, surfacing reliable insights into ransomware susceptibility, regulatory gaps, financial exposure, and more. With Black Kite, security and risk teams gain always-on visibility and trusted intelligence to act early, reduce exposure, and stay ahead of third-party threats. Black Kite has received numerous industry awards and recognition from customers. Learn more at www.blackkite.com, or on the Black Kite blog.