This year has marked a shift in third-party risk management. The accelerated adoption of AI technology and the transition to cloud-based IT infrastructure have increased the regulatory scrutiny on third-party risks. In response, CISOs across organizations—especially at the enterprise level—are prioritizing investment in third-party risk management to strengthen their cybersecurity strategies.
As leaders in third-party cyber risk management, Panorays has worked hard to make sure our platform addresses this market shift and adapts to the changing needs of the market. Here are the milestones we accomplished in 2024 and the innovations we’ve introduced to ensure we continue to deliver the best defense against third-party risk.
Insights That Shaped 2024
This past year Panorays delivered invaluable insights that shaped the cybersecurity landscape. Through comprehensive surveys and reports, we uncovered key trends and challenges facing CISOs worldwide. These findings not only informed industry discussions but also empowered businesses to strengthen their strategies for managing third-party risks and adapting to evolving regulations.
- Panorays was named a leader in the Forrester Wave™ in Cybersecurity Risk Ratings Platforms, 2024. In an evaluation of ten of the most significant vendors in the Cybersecurity Risk Ratings Platforms market, it received the highest possible score from Forrester in criteria such as asset discovery and attribution, vendor discovery and mapping, and exposure prioritization and remediation. It also specifically mentioned the platform’s strong features for AI-led asset and vendor discovery, which include attributing confidence scores to all findings and publishing source details within each record for enhanced transparency. In addition, its AI Document Validation tool assesses supplier questionnaire responses to verify whether the observed data supports the response, streamlining the effort to prioritize remediations.
- 2024 CISO Survey for Third-Party Cyber Risk Priorities. When asking CISOs directly about third-party risk, we found that the vast majority (94%) are concerned about third-party cybersecurity threats. The larger the enterprise, however, the more pronounced that concern becomes: 47% of CISOs in midsize enterprises say they are very concerned about their level of risk, compared with 73% of CISOs in very large enterprises.
Cyber questionnaires for third parties are ranked as effective or highly effective for 73% of CISOs. Compliance management tools were chosen by 69%, and API monitoring by 68%. Audit and assurance software is considered to be effective or highly effective for 67% of CISOs, and when asking about external attack surface monitoring of third parties – the percentage was 66%. There is just a 7% difference between the most and least effective tool on the list.
- Adopting a Distinct Approach to Third-Party Cyber Risk Management. Panorays partnered with TAG Cyber to explore innovative approaches to third-party cyber risk management. In this report, Senior Analyst Dave Neuman shed light on how security and risk managers can achieve seamless end-to-end integrations and greater transparency within their third-party ecosystems. As industries increasingly depend on third-party vendors, this research highlighted the urgent need for robust cybersecurity measures to address the escalating risks in today’s complex digital landscape.
Game-Changing Product Updates
Panorays released several major product advancements that specifically addressed the latest challenges in AI and regulatory compliance.
- Document Validation (Smart Validation). The Panorays Smart Validation tool both validates the answers to the cybersecurity questions itself and speeds up the assessment process at the same time, allowing organizations to scale and assess dozens – even hundreds – of vendors simultaneously. Make fast and informed decisions by efficiently reviewing AI-calculated scores and evidence to bypass examining each document, simplifying follow-up actions like task remediation or asking in the conversation section.
- DORA “Register of Information” File Generator. With this new feature, Panorays enables organizations to generate a complete DORA Register of Information report – in just one click – to send to the relevant Supervisory Authorities (SA). In addition to reducing the time and effort it traditionally takes organizations, the easy generation of the report helps automate compliance reporting.
- Live Dashboard. With the new Panorays Live Dashboard, you can now build your own customized reports with the live data that matters the most to you. Select your preferred data visualization from our 20 newly developed widgets such as: Approval Status Summary, Risk Rating Breakdown, Suppliers Added Overtime, and Highest Risk Suppliers. The dashboards can be saved on the platform (under “Saved Views” in the “Configured” section) and easily edited. They are updated daily with live data.
- Activity Center. Gain enhanced visibility into all your suppliers’ activities on Panorays such as status changes, new questionnaires sent (with detailed descriptions), dates created, and the user who did it. Quickly track and follow up on events by monitoring activities and status such as remediation tasks, risk drop, and questionnaire submitted. Get an audit trail page offering customers a consolidated history overview to track activities on Panorays across all suppliers. Easily filter and export the data for reporting.
- Dark Web Enhancements. Enrich your risk assessments with details from Cyber Threat Intelligence (CTI) sources. View summarized insights into your company’s mentions on the dark web (including details such as source type, descriptions, site, date, tags, and domains) that provide a clearer picture of your company’s and third parties’ cyber status. Get alerts of events and mentions specific to your company.
Engaging Events and Community Building
Panorays also engaged in global events in the cybersecurity space to share these insights and demonstrate its AI-powered solution.
- At the RSA Conference 2024, it focused on its advanced capabilities to identify suppliers using AI and detect the utilization of risky “privileged” AI models within the digital supply chain. It also showed how its platform uses highly tuned AI models to accurately identify the digital assets in the supply chain by automatically identifying all third parties, 4th parties, and up to the n-th level while accurately scanning and validating each finding with minimum false positives. By automating the manual work associated with the process to provide a streamlined workflow automation with AI, it enables scaling of the TCPRM process as well.
- At Infosecurity Europe Dov Goldman, VP of Risk Strategy at Panorays spoke about the importance of DORA and its UK counterpart and which tools organizations need to prepare. At the conference, Panorays also highlighted the achievements Forrester mentioned that included its ability to “prioritize business context for third-party cyber risk management and highlight supply chain complexity and the deep technical functionality required to secure it from a first- and third-party perspective.”
- At BlackHat, Panorays hosted its first-ever Cybersecurity All-Star Game, pitting CISOs against CEOs. On behalf of each player, a donation was made to the Women’s Society of CyberJutsu, an organization dedicated to supporting women in the field of cybersecurity. Check out the full Cybersecurity All-Star Game Recap here.
Looking Ahead to 2025
Panorays is committed to continuing to be a leader in third-party risk management by adapting to both the latest technology and evolving cybersecurity landscape by enhancing its platform with advanced AI-driven analytics, deeper integrations, and expanded continuous monitoring capabilities. However, its focus continues to be on helping organizations gain greater visibility into their supply chains, ensuring robust compliance with global regulations, and fostering stronger collaboration between stakeholders. Together with our partners, we will continue to build a secure and collaborative future against third-party risk in the coming year.
Want to learn more about Panorays’ AI-powered TCPRM and how you can use it to meet the cybersecurity challenges in the coming year? Get a demo today!
