CyberGrape
    Supply Chain and Vendor Risk

    Your suppliers could be the way in.

    The CyberGrape Platform integrates Black Kite to monitor every vendor in your ecosystem in real time. Risk scores, ransomware susceptibility, financial impact: surfaced in your platform dashboard without asking your suppliers to do anything.

    Most breaches start with a supplier, not a direct attack.

    Supply chain attacks have become the preferred route for sophisticated threat actors. Your suppliers have legitimate access to your systems, your data, and sometimes your clients. If they are compromised, you can be too, and often without any action on your part.

    The problem for SMBs is that traditional vendor risk management is expensive and manual. Annual questionnaires that suppliers fill in with minimal scrutiny, reviewed by someone who has limited context to assess the answers. It is security theatre, and everyone knows it.

    Black Kite eliminates the questionnaire. It monitors your suppliers continuously using open-source intelligence and threat feeds: no co-operation required. You get a real-time risk picture that updates the moment something changes.

    Powered by Black Kite

    Real-time risk scores for every vendor in your ecosystem: no questionnaires required

    app.cybergrape.io/supply-chain/vendor-risk
    Portfolio Rating: B+
    Vendors Monitored: 24
    High Risk: 3
    Critical Findings: 8
    Critical: Exposed admin portal detected on NexGen Networks, RSI 67%, action required within 48 hrs
    Vendor                 Category               Rating   RSI   Risk Level   Change
    Acme Cloud Services    Cloud Infrastructure   A        12%   Low          +2
    GlobalTech Solutions   Software Dev           B+       28%   Low          -1
    SecureData Corp        Data Processing        B        41%   Medium       -5
    NexGen Networks        Networking             C+       67%   High         -8
    Velocity Hosting       Managed Hosting        B-       38%   Medium       +1
    ProLink IT Services    IT MSP                 A-       9%    Low          -

    Powered by Black Kite.

    Black Kite is the leading third-party cyber risk intelligence platform. CyberGrape is one of the first firms in Australia and New Zealand to make it accessible to SMBs.

    Real-time vendor risk ratings

    Continuous monitoring of every supplier in your ecosystem via Black Kite. Risk scores on a 0–900 scale, updated as new intelligence is gathered. No agents, no questionnaires: open-source intelligence and threat feeds do the work.

    Ransomware Susceptibility Index

    Black Kite's proprietary RSI tells you how likely a vendor is to suffer a ransomware attack based on their current security posture. Know which suppliers are high-risk before they become your problem.

    Financial impact in dollar terms

    Vendor risk quantified in dollars using the FAIR methodology. The number that gets a board's attention: not a RAG rating, but an estimated financial exposure if this supplier is compromised.

    Breach and change alerts

    Instant notification when any monitored vendor's posture changes: a detected breach, leaked credentials, a critical vulnerability. You know before the vendor tells you, and often before they know themselves.

    Vendor scorecards and remediation guidance

    Board-ready supplier risk reports with plain-language findings and remediation steps that can be shared directly with your vendors. Turn supply chain risk into actionable supplier conversations.

    Compliance mapping across frameworks

    Every vendor assessed against ISO 27001, GDPR, PCI DSS, SMB1001 and other frameworks. Know which suppliers satisfy your compliance obligations and which create gaps you need to address.

    SMB1001 Diamond

    Required for Diamond. Valuable well before that.

    A digital trust programme is a mandatory SMB1001 Diamond control (4.9.0.1). But the business case exists at every tier: enterprise clients, cyber insurers and government procurement are all asking for evidence of supplier risk management. Having it gives you a commercial advantage over competitors who don't.

    Satisfies SMB1001 Diamond control 4.9.0.1
    Supports cyber insurance underwriting documentation
    Answers procurement due diligence questions proactively
    Regulatory alignment for DORA, NIS2 and SEC frameworks

    Know your risk before it knows you.

    Get started and see your vendor risk picture within your first session.