ASX-listed cyber security exchange WhiteHawk today announced that it has been contracted by a US Federal Government CISO to implement WhiteHawk’s Cyber Risk Radar.
This will provide continuous monitoring, prioritisation, and near real-time mitigation of the cyber risks posed by an enterprise’s teammates, vendors, or supply chain over time, including the identification and prioritisation of a risk mitigation strategy.
WhiteHawk Cyber Risk Scorecards will be provided quarterly, virtually and remotely, for 150 to 300 vendors to this US Federal Government Chief Information Security Officer, via an integrated risk management dashboard.
The annual Software as a Service (SaaS) contract will see WhiteHawk generate base revenues of $US580,000 and up to an additional $US600,000, for up to $US1.18m in each year of the contract, with four additional option years at the same levels.
“After a very successful Proof of Value early last year, now we are putting in place our first 5-year Cyber Risk Radar contract with a sophisticated U.S. Government CIO, who will work with us to take the capabilities of our platform and virtual services to the next level,” says CEO and founder Terry Roberts.
“This is about protecting a major US Government organisation from vendor risk,” she says. WHK is the first global online cyber security exchange enabling businesses of all sizes to take smart action against cybercrime.
“The big deal for us is that we are the prime contractor, this is a direct contract with us, it’s not through another contractor.” This is the first US Federal contract where WhiteHawk is the Prime Contractor.
On three other US Federal Department CIO Contracts, WhiteHawk is a Cyber Solution sub-contractor to Accenture Federal, SAIC and Guidehouse (formerly PWC Federal).
“Vendors are always a weak link in any organisation. You can have the best security ever but, of major cyber breaches, over a third are through vendors, contractors and providers.
“We all rely on our vendors, suppliers and partners. In today’s digital age their risks are our risks. Previous methods of closing this back door involved primarily compliance and self-reporting.
“Ours involve continuous risk monitoring of all publicly available datasets and AI-based analytics baked into our cyber risk score cards.”
What does the Cyber Risk Radar package include?
Cyber Risk Radar is an annual SaaS subscription service developed by WhiteHawk consisting of quarterly services that include Cyber Risk Scorecards, Cyber Risk Portfolio Reports, and ongoing conversations with a professional cyber analyst for:
– Risk research and discovery — Collect, analyse, and correlate publicly available data into actionable intelligence.
– Continuous monitoring and alerts — Understand an organisation’s security performance and be alerted to impactful changes.
– Focused analytics — perform deep dives in the areas that need focus rather than the entire dataset.
– Ecosystem maps — visualise the enterprise by understanding the supplier and vendor interconnections.
– Risk prioritisation & mitigation — Prioritise mitigation and business actions based on levels of impact and performance.
– Integration into a centralised risk management dashboard — continuous situational awareness, tracking, mitigation and management of the SCRM/VRM program.
– Portfolio assessments — understand an organisation’s portfolio of all suppliers and vendors.
This contract is the result of a Proof of Value that was implemented early in 2019 across 10 vendors for the same US Government agency. WhiteHawk demonstrated, through automation and subject matter expertise, the status and health of suppliers.
This was done using global publicly available data sources, AI analytics, and custom Cyber Analytics to assess and report on top risk indicators and vectors, areas that may require prioritised attention.
Because the Cyber Risk Radar approach is based on externally available data and is non-invasive, WhiteHawk does not require access to internal IT assets and configurations in order to deliver its services.