Thomas Murray Cyber Risk
We have built a threat intelligence platform for companies of all sizes to monitor their enterprise and third-party risk exposure.
Our platforms are already trusted by 100+ of the world’s leading banks and funds, tailored for financial services success.
Company Ratings from 0-1000, based on objective analysis of an organisation’s visible network footprint
Sector-by-sector benchmarking, showing how the organisation ranks against its peers and competitors
Server-by-server breakdown, with detailed information about potential breaches, vulnerabilities and misconfigurations discovered
Fully integrated with Thomas Murray’s due diligence and risk platforms, providing you with a holistic third-party risk management solution
Unique Key Features
Network Footprint Discovery
Automated discovery & continuous monitoring of organisations’ public network presence.
Continuous, Scalable Monitoring
Monitoring for new vulnerabilities, phishing and malware activities across your internet-facing IT infrastructure.
Ratings, Analytics & Remediation
Use the interactive dashboard to make fast and smart security decisions, using objective, verifiable data.
Unique Sector-by-Sector Benchmarking
Banks (Custody, Private, Investment, Depositary, Retail)
Fund Delegates (Transfer Agents, Distributors, Platforms and more)
Crypto Service Providers
Government & Public Service
Other Corporate Sectors
How it works
Intuitive Platform. Objective Data. Proactive Monitoring.
See what the hackers see
Ability to aggregate proprietary, open-source intelligence and premium third-party data providers
Cyber Risk Ratings
Q: Why does Thomas Murray provide sector-by-sector benchmarking?
A: As well as an organisation’s objective, 0-1000 score, we believe that there is huge value in comparing a company to its peers. We are uniquely placed to be able to provide this kind of benchmarking, thanks to our powerful reputation for analysing financial services counterparties globally. Our platform compares an organisation to Thomas Murray’s ‘global’ universe of thousands of companies, as well as the specific sector such as ‘CSDs’, ‘transfer agents’ and ‘asset managers’
Q: How can I monitor an organisation that Thomas Murray does not track today?
A: Easily. Simply provide the name of the organisation and its root domain, and Thomas Murray will do the rest.
Third Party Management
Q: Are questionnaires sufficient to mitigate third-party cyber risks?
A: Increasingly, financial services companies are finding that point-in-time assessments alone are not sufficient. We believe that a company is only as secure as its network of interconnected third parties, and cyber risks can emerge at any time, at any point in the value chain. IT Security questionnaires are important, but they should be complemented with continuous, real-world monitoring. Demand for this is three-pronged, from regulators, CISOs and investors.
Q: Do I need to get the permission of a third party to monitor them?
A: No, our ratings our based on proprietary analysis, open-source intelligence and premium third-party data providers. We do not ask monitored organisations to respond to questionnaires or submit to testing. Thomas Murray’s ratings are legal, non-invasive and do not rely on penetration testing, port scanning or ethical hacking.
Q: Could this kind of monitoring become a contractual, relationship or reputational issue for me with my clients and third parties?
A: It is up to you whether you alert your third parties to the fact that you are using Thomas Murray’s platform to monitor them, but it is not a requirement. Many companies choose to alert their third parties only once an issue has arisen.
Q: How can my third parties remediate issues and improve their score?
A: You can request for your third parties to be given 30-day free access to the platform, so that they can access Thomas Murray’s granular, objective remediation data. Using the historical charts, they can watch their score improve week-by-week, as well as their relative position within the sector.