Supply Chain Defense
Key Takeaways from a Commissioned Total Economic Impact™ Study of BlueVoyant Supply Chain Defense by Forrester Consulting
May 23, 2023 | 4 min read
George Aquila
Product Marketing Manager
In modern business operations, enterprise risk decision-makers across diverse industries are becoming increasingly aware of third-party cyber risk as a critical business priority. While some companies are proactively getting out in front of this challenge, many are not, and remain continually exposed to threats in their supply chains. To make matters more difficult, the process of constructing an effective Third-Party Cyber Risk Management (TPRM) program will vary for every organization depending on their business priorities and the sector they operate in.
In response, many organizations are looking for effective tools and services that can help them deal with and mitigate the threat of cyber risk in their third-party ecosystems.
BlueVoyant Supply Chain Defense (SCD) provides organizations with a managed service that identifies, validates, prioritizes, and confirms mitigation of cyber threats and vulnerabilities across supplier ecosystems. And when it comes to the practical benefits, there is now a more impartial method of evaluating if SCD is the right solution for your organization.
BlueVoyant commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study on the company’s behalf, published in April 2023, to determine the real objective value of the service offered by Supply Chain Defense. TEI is Forrester’s proven methodology to justify, quantify, and articulate the value of an investment. Forrester’s TEI study framework provides an analysis of the benefits — including the economic benefits — costs, risks, and flexibility that buyers realize using a given solution. The study notes various quantifiable and unquantifiable benefits for current and potential customers
To conduct the study, Forrester interviewed representatives of BlueVoyant clients that had experience using SCD. They then aggregated the interviewees’ experiences and combined the results into a single composite: a highly-regulated organization with an annual revenue of $10 billion and 30,000 employees. This composite organization serves as the basis for the quantitative evaluation.
The representative interviews and subsequent financial analysis found that the composite organization experienced benefits of $4.02 million over three years versus costs of $1.02 million, adding up to a net present value (NPV) of $2.99 million and an return on investment (ROI) of 292%.
In terms of effective delivery of results, the study concluded on a 65% increase in efficiencies in monitoring risk and identifying third-party suppliers on an ongoing basis. Efficiencies increased with SCD’s managed service as processes shifted from ad-hoc, point-in-time projects to continuous monitoring into the third-party supplier ecosystem. Over three years, these efficiencies are calculated to be worth over $761,000.
Working towards continued and holistic risk reduction is one of the primary objectives of BlueVoyant Supply Chain Defense. In that regard, the study concluded that companies leveraging SCD experienced a 70% reduction in suppliers above risk thresholds, which led to business risk cost avoidance. The risk posture of an organization is affected by any supplier outside of that organization’s risk tolerance. With BlueVoyant SCD, effective identification of vulnerabilities and followup communication with suppliers to remediate them resulted in the reduction of external risks and the improvement of the organization’s risk posture. Over three years, these cost savings for the composite are estimated to be worth more than $853,000.
When it comes to accelerating remediation, the study demonstrated that Supply Chain Defense can reduce the amount of time it takes for organizations to remediate critical risks and events by 60%. Efficiencies were experienced in the remediation process of each vendor, which helps to augment efforts from several FTEs as they resolve critical events.
Prior to using Supply Chain Defense, clients told Forrester they relied on ad-hoc, inconsistent processes which limited success and visibility. In addition, clients said prior talent gaps and limited resources led to lengthy remediation processes and impacted the daily continuity of their business. With BlueVoyant, the interviewees’ organizations reduced the time to remediate as visibility into the supplier ecosystem drove efforts and communication with impacted suppliers. Over three years, these reductions in time to remediate critical events was calculated as being worth more than $287,000.
Beyond the calculated benefits determined by the study, a number of more qualitative benefits (referred to by Forrester as “unquantifiable benefits”) were also observed. These include a reduction in false positives, improved supplier relationships, and highly effective BlueVoyant customer support. The reduction in false positives was attributed by interviewees to the accuracy of BlueVoyant alerts compared to their previous environment. Fewer false positives enabled the interviewed organizations to focus solely on vulnerabilities that had impact.
Likewise Interviewees described the impact that providing suppliers with accurate insights and timely data had on their overall relationship. Suppliers were often unaware of their own vulnerabilities and utilized the risk monitoring data provided by the interviewed organizations to improve the security posture within their own companies.
The Forrester TEI provides the validation that those looking for a cost effective solution to supply chain defense can find a well rounded solution with BlueVoyant. The process of building out a successful TPRM doesn’t need to be difficult. You can download the study today to discover:
- The various cost savings of implementing Supply Chain Defense as compared to building out an in-house program
- The business benefits that adding a fully managed solution can grant you
- Testimonials from those who have used and benefited from SCD
Related Reading
Supply Chain Defense
Lessons Learned From the Latest Supply Chain Breaches
December 22, 2022 | 4 min read
Digital Risk Protection
3 Ways Threat Actors Infect the Healthcare Sector
May 18, 2023 | 4 min read