Cyber risk management provider CyberGRX pledges full channel commitment with first partner program

While CyberGRX has had an unsystematic channel strategy in the past, its Board has committed to a channel-driven strategy to drive exponential global growth.

Walter Specht Jr., Director of Channel Development at CyberGRX

Denver-based CyberGRX, which launched in 2015, has announced their first channel partner program as they get systematic about building and nurturing a channel that can scale the company’s sales exponentially. They also formally announced the appointment of Walter Specht Jr. as Director of Channel Development.

CyberGRX makes a comprehensive solution that allows vendors to easily record, verify and use information about the security posture and potential risks represented by each third-party vendor with which they deal.

“The way that organizations managed the cyber risk posted by third parties traditionally has been through spreadsheets and questions around each vendor’s security posture,” Specht said. “They would get answers, and formulate opinions around what risk it might pose to their organization if they used that vendor. This process was kludgy, time-consuming and mapped to regulatory compliance, so when risk practitioners got the data back on spreadsheets, they often put them in a database and left them there. It was old non-intuitive technology and people couldn’t do anything with the data.”

CyberGRX maps the security assessment data with regulatory compliance requirements around the world to provide a single source of information.

“Blackstone, our founding equity partner, asked why couldn’t we do one security assessment that mapped with regulatory compliance around the world to provide a single source of information and share it among their portfolio companies,” Specht said. “That would save resources and time. This was the genesis of our solution – do once, share many and save on resources.” Blackstone thus became as customer as well as an investor.

“More than 60 per cent of breaches today are due to a third-party breach,” Specht noted. “We allow companies to present a comprehensive set of security questions to their vendors. They answer, we verify, and the data goes into our platform, to give a more accurate image of vendor risk.”

Most of CyberGRX’s customers are larger, in the Fortune 100 and 500 spaces, and across all verticals.

“This helps anyone who uses third parties to help them do their business, but company size does matter, because smaller companies can manage vendors by themselves,” Specht said. It’s when companies have thousands of vendors that matter. It’s not the big names that are problematic. It’s companies like ‘Two Bobs and a Garage.’ Do they water the gardens, or are they consultants who impact on IT and could pose a risk?”

CyberGRX first began to sell through channel partners almost immediately, in 2016, but the model then was primarily direct, and there was no systematic channel strategy.

“When we started with partners, we did deals through them opportunistically,” Specht said. “We sold to customers who had relationships with a partner who would bring them in. There was no nurturing involved.”

Specht emphasized that a fundamental change in strategy has now taken place.

“The Board has decided that the channel is necessary to get exponential growth,” he said. “This was the time to bring in a channel person. So I got involved in November, and came on board in January. The people behind the company  understand direct sales and channel sales, and they made a point of hiring someone who knows how to build out a channel.”

Specht spent three years managing channel sales in the Central region for Guidance Software before it was acquired by OpenText, and subsequently held channel roles at AccessData, Information Builders, Nuix, BitSight Technologies and Steel Veil Technologies.

“My philosophy is to make it as beneficial to partners as possible, from the top Platinum tier who have skin in the game, and the lesser tiers, down to Authorized with no requirements at all,” he said.

The program has four tiers. The Platinum and Gold tiers require commitment, while the Silver requires almost none, with no commitment at the services level, although it, like the top two tiers, does have a certification requirement. Specht said that they are looking to have about 15-20 of the key Platinum partners, as well as Gold and Silver, and with the door being left open for the Authorized.

While the program has specific support around training, sales and marketing, Specht said that the program benefits start with a clear channel commitment.

“First and foremost is a commitment to the channel at the Board and executive level,” he stated. “Our direct people have a comp-neutral model for sales through partners. As a newer company, we don’t have to change old paradigms here. At some other places, I’ve worked in the past, I’ve offered recommendations and they haven’t been implemented. That’s not the case here. We have strong Board support.”

Margin structure is guaranteed when list prices have to be discounted to get a deal.

“There will be no arguing back and forth as to who takes the haircut when the customer wants to pay less,” Specht indicated.

Their deal registration rewards the partner for bringing in new business. If the partner registers a deal, if it’s not in CyberGRX’s pipeline, it’s automatically approved.

“For deals already in pipeline, those partners can still submit a deal registration,” he said. “It affords them protection if they help us to get one of these deals. Partner-influenced deals also qualify for deal registration.”

As the program launches, 38 per cent of CyberGRX’s sales go through partners, as of the last quarter.

“We are aiming for 50 per cent by the end of the year,” Specht concluded. “We are moving in the direction of 100 per cent channel