Latest news with #PadraicO'Reilly


Business Wire
6 days ago
- Business
- Business Wire
CyberSaint Recognized in the 2025 Gartner® Market Guide for Third-Party Risk Management Technology Solutions
BOSTON--(BUSINESS WIRE)-- CyberSaint, a leader in cyber risk management, is proud to announce its inclusion as a Representative Vendor in the Gartner® Market Guide for Third-Party Risk Management (TPRM) Technology Solutions, published in May 2025.

'We believe this recognition affirms our vision of transforming cybersecurity with real-time automation, AI, and a contextual cyber risk intelligence layer that empowers security leaders to act with speed and precision,' said Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint. 'As enterprises face growing regulatory and operational demands, our inclusion validates CyberStrong's capability to meet the needs of security and risk leaders navigating a dynamic vendor landscape.'

As per the report, 'Legal, compliance, risk and procurement leaders can use this research to identify technology solutions and risk domains for managing and mitigating third-party risk. TPRM platforms offer versatile capabilities that support supply chain, IT, cybersecurity, procurement, legal and compliance functions.'

Mandatory Features

TPRM solutions must support the following activities:

- Identifying third-party risk: Determine which risk domains are relevant to a third party.
- Analyzing risk: Measure the potential impact on a customer's business or supply chain and provide an impact estimate.
- Managing and escalating risk: Offer platform functionality to surface and escalate risks, informing risk mitigation efforts. This may include escalation, tracking, action plans and risk tiering.
- Continuous monitoring: Provide visibility into risk events through dashboards, reports, alerts, reminders and notifications.
- Third- and fourth-party risk mapping and metrics: Offer risk mapping, risk visualization, metrics and the ability to export third-party risk data for reports and presentations.

'Our customers want to see the full picture — not just siloed snapshots,' said Matt Alderman, Chief Product Officer of CyberSaint. 'CyberStrong enables dynamic third-party risk evaluation and provides cross-functional visibility that bridges cybersecurity, risk, and compliance teams for risk inside-out and outside-in. That's what makes it so powerful.'

For more information about CyberSaint's Third-Party Risk Management capabilities and the CyberStrong platform, visit or register for CyberSaint's upcoming webinar, 'From Silos to Strategy: Third Party Risk, Vendor Oversight & What's Next'.

Gartner, Market Guide for Third-Party Risk Management Technology Solutions, by Antonia Donaldson, Luke Ellery, John Klapmust, Oscar Isaka, Alicia Booker-Carney, Dawn Singer, Martin Shreffler, Joanne Spencer, Lynn Stan, 5 May 2025.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About CyberSaint

CyberSaint is redefining how enterprises manage cyber risk through CyberStrong's real-time cyber risk intelligence layer. The platform ingests millions of dynamic datapoints to give security leaders the context they need to quantify risk, monitor compliance, prioritize action, and prove ROI, automating instantly what once took teams weeks or months. With AI and automation at its core, CyberSaint turns cyber risk into a strategic advantage. Learn more at For more information, please visit:


Forbes
08-05-2025
- Business
- Forbes
Your SOC Doesn't Need More Alerts—It Needs A Brain
Padraic O'Reilly is the Founder at CyberSaint, transforming cyber risk management with AI, automation, and actionable insights.

The phrase "alert fatigue" has become a mainstay in cybersecurity conversations. However, behind the flood of findings, alerts, vulnerabilities and compliance gaps lies a deeper problem: the security context crisis. Security teams aren't just drowning in volume; they're operating without a clear sense of what matters most and why.

As expected, the cybersecurity landscape is in constant flux—both inside and outside your organization. Every day, new vulnerabilities are discovered, common vulnerabilities and exposures (CVEs) are published, threat actor tactics, techniques and procedures (TTPs) evolve and active exploit campaigns emerge. Meanwhile, internally, asset inventories shift, misconfigurations pop up and controls degrade. Each of these changes can introduce new risk, but rarely are they evaluated together. Correlating this evolving external threat landscape with an equally dynamic internal environment is no small feat, and without the right context, it's nearly impossible to prioritize next steps effectively.

Security operations centers (SOCs) are overwhelmed. According to a 2023 Cybereason report, 16% of surveyed SOC professionals manage only 50% to 59% of their weekly alert volume—meaning nearly half of incoming alerts go unactioned. This is not a resource issue; it's a signal-to-noise issue. The result is that analysts spend more time triaging than reducing risk, and security leaders struggle to extract meaning from the chaos.

The costs of this crisis are already playing out in SEC filings and earnings reports. In January 2025, ahead of the World Economic Forum's annual meeting, global leaders warned of not just isolated attacks but a convergence of geopolitical tension, AI-powered threats and increasingly fragile digital infrastructure. CISOs and heads of state alike flagged the growing risk of large-scale systemic cyber events, where one compromised system could trigger cascading failures across sectors. Despite this clear and present danger, many organizations still manage cyber risk in silos with disconnected tools and manual processes that can't keep pace. The threats are evolving faster than our ability to see them—let alone act.

Regulators are also increasing the pressure. The SEC has begun cracking down on companies for downplaying the scope or impact of cyber incidents. These datapoints are signs of a system under strain, where the inability to identify and act on meaningful threats before they materialize leads to costly impacts.

The future of cybersecurity isn't about shrinking the number of alerts but about surfacing the right ones. This means providing context so security teams can address the highest priority findings first. Security teams today are forced to treat every finding like a potential crisis because they lack the necessary context to know which issues are critical. Maybe it is, maybe it isn't. Every alert is potentially critical because there isn't a reliable way to correlate internal cyber risk posture data (controls, assets, configurations, etc.) with external threat intelligence. Teams are stuck reacting to noise instead of acting on risk.

This is where AI can help—not by replacing teams but by augmenting them with clarity and prioritization. AI's role in security isn't to replace human analysts. It's to amplify their ability to prioritize by analyzing massive volumes of security-relevant data in real time and making connections that would take humans days or weeks to uncover. AI can identify patterns, anomalies and correlations that are invisible to the naked eye. For companies I've personally worked with, it can flag the three alerts out of 3,000 that actually point to a business-critical issue based on how likely and impactful the risk is—and it can do so continuously, learning and adapting to evolving threats and environments. The shift isn't just toward automation; it's toward intelligent, contextual decision-support.

However, AI is only as powerful as the data it's trained on. In cybersecurity, that means pulling together everything—from asset configurations to TTPs to missing controls—and understanding how it all interacts. The power of AI lies in its ability to connect these dots: not just to reduce alert volume but to prioritize what matters based on business impact. Is this vulnerability on an internet-facing, revenue-generating asset? Is it being actively exploited in the wild? Do we have controls in place to mitigate it, or do we need to escalate? That's the kind of insight that prevents breaches, and that's what's missing today.

To bring meaning to chaos, organizations must ingest and correlate data such as:

- vulnerabilities (system-specific exposures),
- common weakness enumerations (code-level flaws and design weaknesses),
- CVEs (known public vulnerabilities),
- TTPs (adversary behavior patterns such as MITRE ATT&CK),
- threat intelligence feeds (emerging IOCs and APT campaigns),
- assets (business-critical systems, endpoints, cloud workloads, etc.),
- control gaps (deviations from expected security posture),
- risks (aggregated threat likelihoods and impacts),
- compliance frameworks (requirements from NIST CSF, ISO 27001, etc.) and
- business context (which systems support revenue, operations or customer experience).

As cyber threats grow more dynamic and the internal environment shifts daily, CISOs are under pressure to lead with precision. However, precision requires clarity. Before meaningful automation or response can happen, CISOs must ask the right questions that expose where context is missing. Here are a few to start with:

- Are we treating many of these alerts equally because we don't trust our prioritization logic?
- Do we understand our control environment and, importantly, our holistic cyber risk posture well enough to know where we're most vulnerable? This means taking into account all relevant datapoints.
- Can we correlate our internal control data with active threat intelligence in real time? If not, why? How can we make this a strategic priority?

If the answer is "not yet," it's time to rethink the way your security program operates. The next evolution of cyber risk management is powered by real-time data, automation and AI, and leaders (whether technical or business-side) can't make this shift soon enough. The tools are finally available if you look for them.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.
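The column's three context questions (internet-facing and revenue-generating asset? actively exploited? compensating control in place?) can be turned into a small, explainable prioritization pass over raw findings. The following Python script is an added example, not code from the article or from CyberSaint's products: the asset inventory, the "actively exploited" list, the CVE-style identifiers, the weights and the findings are all constructed placeholders, and the multiplicative scoring model is an illustrative assumption rather than any vendor's method. It also flags findings whose asset is missing from the inventory, which is exactly the "where is context missing?" question the column tells CISOs to ask.

```python
"""Context-based finding prioritization (constructed, illustrative model)."""
from dataclasses import dataclass, field

# Constructed sample inventory: which assets are exposed and which carry revenue.
ASSETS = {
    "web-store-01":   {"internet_facing": True,  "revenue_critical": True},
    "hr-portal-02":   {"internet_facing": False, "revenue_critical": False},
    "dev-sandbox-07": {"internet_facing": False, "revenue_critical": False},
    "payments-api":   {"internet_facing": True,  "revenue_critical": True},
}

# Constructed stand-in for an "exploited in the wild" threat-intel feed.
# The identifiers are placeholders, not real CVE numbers.
ACTIVELY_EXPLOITED = {"CVE-0000-0001", "CVE-0000-0003"}


@dataclass
class Finding:
    finding_id: str
    cve: str
    asset: str
    cvss: float
    compensating_control: bool = False  # e.g. verified isolation or virtual patch


@dataclass
class Prioritized:
    finding: Finding
    score: float
    reasons: list = field(default_factory=list)


def score_finding(f: Finding) -> Prioritized:
    """Start from severity, then let exposure, exploitation and controls reshape it.

    Assumed weights (illustrative): internet-facing x2, revenue-critical x1.5,
    actively exploited x3, verified compensating control x0.25.
    """
    score = f.cvss / 10.0
    reasons = [f"cvss={f.cvss}"]
    asset = ASSETS.get(f.asset)
    if asset is None:
        # Missing inventory data is itself a finding: we cannot judge exposure.
        reasons.append("asset not in inventory: context missing")
        asset = {"internet_facing": False, "revenue_critical": False}
    if asset["internet_facing"]:
        score *= 2.0
        reasons.append("internet-facing")
    if asset["revenue_critical"]:
        score *= 1.5
        reasons.append("revenue-critical")
    if f.cve in ACTIVELY_EXPLOITED:
        score *= 3.0
        reasons.append("actively exploited")
    if f.compensating_control:
        score *= 0.25
        reasons.append("compensating control in place")
    return Prioritized(f, score, reasons)


def prioritize(findings):
    """Return all findings scored, highest priority first."""
    return sorted((score_finding(f) for f in findings),
                  key=lambda p: p.score, reverse=True)


def top_ids(findings, n=3):
    """Identifiers of the n findings an analyst should look at first."""
    return [p.finding.finding_id for p in prioritize(findings)[:n]]


def context_gaps(findings):
    """Identifiers of findings that could not be placed in business context."""
    return [p.finding.finding_id for p in prioritize(findings)
            if any("context missing" in r for r in p.reasons)]


# Constructed findings: note the CVSS 9.8 on an isolated, mitigated sandbox
# versus the CVSS 7.5 on an exposed, revenue-critical, actively exploited host.
SAMPLE_FINDINGS = [
    Finding("F1", "CVE-0000-0002", "dev-sandbox-07", 9.8, compensating_control=True),
    Finding("F2", "CVE-0000-0001", "web-store-01", 7.5),
    Finding("F3", "CVE-0000-0004", "hr-portal-02", 9.1),
    Finding("F4", "CVE-0000-0003", "payments-api", 6.5, compensating_control=True),
    Finding("F5", "CVE-0000-0005", "unknown-host", 5.0),
]

if __name__ == "__main__":
    for p in prioritize(SAMPLE_FINDINGS):
        print(f"{p.finding.finding_id}: {p.score:6.3f}  {', '.join(p.reasons)}")
    print("context gaps:", context_gaps(SAMPLE_FINDINGS))
```

Run as a script, it lists the findings highest-score first with the reasons that produced each score; the raw CVSS order (F1, F3, F2, F4, F5) and the context-aware order (F2, F4, F3, F5, F1) differ exactly where the column says they should. The reasons list is deliberate: a score that cannot explain itself is one analysts will not trust, which is the first question on the column's list.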


Forbes
25-03-2025
- Business
- Forbes
How To Shift From GRC To AI-Powered Cyber Risk Management
Padraic O'Reilly is the Founder at CyberSaint, transforming cyber risk management with AI, automation, and actionable insights.

For decades, governance, risk and compliance (GRC) platforms have been the backbone of enterprise risk management. But GRC was never built for cybersecurity—it was designed for static compliance processes, annual audits and regulatory checklists. Cyber risk, however, is anything but static. It is a dynamic, real-time challenge, evolving daily with new threat intelligence, regulatory shifts and an increasingly complex business environment. According to Gartner's Innovation Insight: Cyber GRC Streamlines Governance report, "When organizations use multiple tools focused on different risk domains, not specifically designed for cyber GRC, data is fragmented, and it is difficult to understand the impact of cyber risks."

Cyber threats have intensified dramatically. For instance, Amazon reported encountering approximately 1 billion cyber threats daily in 2024, a significant increase from 100 million earlier in the year. This surge is attributed in part to cybercriminals leveraging advancements in AI to enhance their attack strategies. Meanwhile, global cybersecurity spending is projected to reach $212 billion in 2025, according to Gartner, a reminder of the resources required to keep up with emerging threats.

As AI reshapes the threat landscape and new SEC regulations put cyber risk in the boardroom, more organizations are beginning to shift from traditional GRC to automated, continuous cyber risk management. However, to ensure this transition is successful, businesses must take a strategic approach.

GRC was designed in an era where compliance was about proving adherence to frameworks like SOX, HIPAA or PCI through periodic assessments and manual checks. But cybersecurity doesn't operate on an annual cycle. Threats emerge by the second, attack surfaces expand overnight and adversaries exploit vulnerabilities before most organizations even identify them. The rigid, checklist-based nature of GRC can create gaps in visibility, making it difficult if not impossible for organizations to adapt to real-time cyber threats. This is especially important considering the growing need to provide a comprehensive view of an organization's cyber risk posture and effectively mitigate risk against sophisticated, AI-driven cyberattacks at scale. For instance, hackers from nations like China and Iran are using advanced AI technologies to bolster their cyberattacks, employing AI to write malicious code, identify vulnerabilities and gather intelligence on target organizations.

The financial repercussions of cybercrime are escalating. The global average cost of a data breach rose nearly 10% to $4.9 million in 2024, underscoring the significant financial risks organizations face from inadequate cyber risk management. As advanced threat actors accelerate their tactics, security teams must adapt just as quickly. Yet, traditional cyber risk management—where GRC platforms primarily serve as documentation repositories rather than intelligence-driven systems—has left many CISOs reacting rather than proactively managing risk.

To navigate today's evolving threat landscape, security leaders need more than FAIR quantification, compliance checklists or fragmented reporting. They require real-time, actionable insights that drive strategic decision-making, protect critical assets and facilitate meaningful communication with the board. This demands a fundamental shift from reliance on disconnected point solutions toward integrated, platform-based approaches. By consolidating internal and external data across the entire cyber risk management lifecycle, organizations can move beyond static assessments to dynamic, intelligence-led strategies—enhancing risk visibility, improving response effectiveness and maximizing return on security investments.

The SEC's cyber disclosure rules have made one thing abundantly clear: Cyber risk is now a boardroom concern. Boards are being held accountable for their organizations' cyber postures, requiring security leaders to provide real-time, quantifiable insights into their risk landscapes. For cybersecurity to be effective, it must be integrated into the core business strategy. The future is not about layering new tools on top of outdated processes—it's about rethinking cyber risk management entirely. Adapting as quickly as our adversaries means leveraging the automation at our disposal, especially as AI innovation booms.

An automation-first approach should:

- Quantify cyber risk in financial terms, allowing security teams to communicate risk in a language the board understands.
- Provide real-time cyber risk intelligence by processing millions of data points including CVSS scores, threats, vulnerabilities, industry risks, benchmarks and control scores across frameworks.
- Continuously assess and adapt as the threat landscape changes, leveraging AI to ingest evolving threat and vulnerability data, industry benchmarks and breach reports, and deliver insights into exploitability based on your internal cyber risk posture.
- Break down silos between security, risk, compliance and executives, aligning all stakeholders with a single source of cyber truth.
- Deliver credible tracking and reporting for C-suite, board, auditor or regulatory review.

How are organizations ensuring a smooth shift to an AI-first approach while avoiding disruption or confusion?

First, consider aligning internal stakeholders, including the SOC and GRC teams, making it clear that they should work as one team as insights surface into which gaps are the most critical. Use this as an opportunity to motivate them, as they'll now be able to move from reactive, manual workloads to more strategic daily work. Security leaders should also work with business leaders to align on how much risk is acceptable to their CEO or board. In addition, selecting a trusted vendor to guide your transformation can help, since integrating automation in a way that complements your existing tech stack and team can make or break success.

By understanding these factors and proactively addressing common hurdles, organizations can take a strategic approach to modernizing their cyber risk management without disruption. Security leaders should communicate the value of this transformation to the CFO, CEO and board whenever necessary to get the proper backing. Moving to "automation-first" cyber risk management drives measurable financial impact by eliminating costly manual analysis, reducing reliance on outdated risk registers, and enabling AI-powered decision intelligence to prioritize cyber risks based on business context. By continuously monitoring risk in real time, organizations can shift from reactive to adaptive risk management, optimizing resources and maximizing return on security investment (ROSI). You'll be able to show in financial terms how much you've invested in security and what risk it's addressed, as well as how you've driven business growth.