DVV Solutions, leading experts in Third-Party Risk Assessment, are pleased to confirm that Prevalent, Inc., our Partner in Third-Party Risk Management and Cyber Threat Intelligence, today announced the acquisition of Datum Security, the leader in Third-Party Risk Validation for small and medium-size business.
“Our objective has always been to provide a comprehensive suite of solutions for vendor risk management to our customers, from enterprise assessment software to vendor evidence sharing networks, to continuous monitoring,” said Jonathan Dambrot, CEO, Prevalent. “The Datum Security acquisition will help our customers greatly reduce the risk exposure resulting from small to medium sized vendors.”
There are approximately six million companies in the US with at least one employee, and more than 80 percent of those have fewer than 20 employees. Assessing SMB Third Party risk within “small” (50-500 employees) or “very small” (1-50 employees) vendors is difficult at best and nearly impossible in many circumstances. Standard questionnaires can be a burden for organisations with limited IT and security resources and expertise, and in many cases, may have little relevance to a 25-person organisation. Moreover, little data is available for small vendors which renders continuous monitoring solutions largely unhelpful. The Datum Security solution is specifically designed to address that gap utilising a purpose-built evidence collection technology specifically designed for SMB Third Party risk.
“It’s a real challenge for our customers,” added Matthew Hicks, Chief Strategy Officer. Prevalent. “A vendor with 20 or 30 employees simply can’t prioritise security controls assessments, and needs a simple, low overhead solution. The Datum solution combined with Prevalent’s existing third-party risk management platform creates a world class solution for organisations of any size.”
Sean O’Brien, DVV Solutions Managing Director added “The addition of Datum’s security solution to our risk management portfolio helps close dangerous gaps in SMB Third-Party risk exposure. Because they rarely have the manpower, expertise, or budget to establish and maintain a baseline of security SMB suppliers have as much risk as your large suppliers – often more so. Hackers know this, and they are leveraging these security gaps to attack SMBs. The level of automation this new risk assessment tool provides helps our Customers to streamline this process and gain a comprehensive insight into Third-Party IT risk across their entire estate.”
The Prevalent + Datum Security solution benefits small vendors as well, as it effectively provides an automated security assessment with improvement and remediation recommendations, in addition to satisfying the assessment needs of customers with minimal effort.
“Not only are there millions of small companies to account for, but more and more, those small companies are handling sensitive data or have access to it,” added Jonathan Niednagel, Datum Security Founder and CEO. “Small law firms, early-stage technology companies, insurance claims processing vendors, even mom-and-pop printers are often exposed to their customers’ sensitive information. Datum Security’s technology now gives Prevalent’s customers a means of accounting for and quantifying that risk exposure.”
Norman Menz, CTO, Prevalent, emphasised the impact on Prevalent’s solution strategy. “As the only company focusing exclusively on all dimensions of third-party risk – assessment, monitoring, evidence sharing networks – we understand where our customers have blind spots in their vendor risk profiles, and we’re constantly striving to provide 360-degree risk visibility into their vendor communities. Adding the Datum Security team and product to our portfolio has further positioned us as the only truly comprehensive third-party risk solution available.”
Sean O’Brien concluded: “This new addition to the DVV Solutions portfolio means Customers can easily scale up their risk management program by addressing the unique requirements for assessing SMB Third Party risk in small and medium-sized vendors. We now have a solution to enable our Customers to more effectively create a comprehensive assessment and analysis of risk across their entire suite of Third-Party IT suppliers and partners.”