Cybersecurity provider Consortium has bought Metrics That Matter, a startup that helps companies measure their cyber risks. The aim is for Consortium to give its customers a clearer and more up-to-date understanding of their cybersecurity vulnerabilities.
Even though companies are spending a fortune on cybersecurity – over $200 billion last year, according to the company’s announcement – and using a ton of different security tools, breaches and financial losses keep climbing. Essentially, many companies are throwing money at the problem without knowing or identifying what’s actually working. There’s still no reliable way to determine which pricey security solutions actually make a meaningful difference in preventing attacks.
A new approach to cybersecurity partnerships
By acquiring Metrics That Matter, Consortium aims to create a new kind of cybersecurity partner, what they’re calling a “Next Generation Value-Added Reseller (VAR).” The ultimate goal? To help companies maximize their security spending, constantly reduce their risk, and stop throwing money away. Unlike traditional resellers, Consortium is weaving real-time risk measurement into every cybersecurity decision.
“Organizations are struggling to keep pace with evolving cybersecurity threats while justifying their programs to boards and executives. They need partners who are laser-focused on reducing risk and optimizing cyber spend,” said Nate Ungerott, CEO of Consortium. “Traditional VARs have struggled to adapt. It’s time for a change. The Metrics That Matter platform is central to our Next Generation Value-Added Reseller strategy, helping clients quantify risk, maximize the impact of their cybersecurity investments, and communicate effectively at the executive level.”
The high cost of cyber risk
New research from Metrics That Matter (MTM), based on an analysis of over 300,000 data breaches, shows just how costly cyber risk has become. For companies making between $1 billion and $50 billion annually, that risk now takes up more than 13% of their revenue.
It’s even worse for companies in the $1 billion to $5 billion range, where cyber risk can gobble up 16% of revenue. Even with an average of over 100 different security tools at their disposal, these businesses are still vulnerable to ransomware, data breaches, and operational disruptions. The problem, once again, is that they can’t effectively measure which of those tools are actually working and reducing their risk.
Measuring what matters
Security teams no longer need to rely on static assessments or vendor-driven purchasing. Metrics That Matter provides continuous, actionable intelligence to inform every security decision. The platform is designed to point out weak spots, help determine if the security tools are actually making a difference, and ensure everything put in place is doing its job. No more throwing money at solutions and hoping they work.
“Cybersecurity is flooded with tools, yet too often, buying more products doesn’t lead to better protection. The real challenge isn’t acquiring technology—it’s implementing it effectively,” said Andrew Barnett, chief technology officer of Consortium. “Enterprises waste budgets on security products that are underutilized or misconfigured, leaving them vulnerable despite heavy investments. A Next Generation Value-Added Reseller ensures that every security control is properly deployed, actively reducing risk, and delivering measurable impact.”
All 11 Metrics That Matter employees are joining Consortium as part of the buyout, bringing the company’s total workforce to 70. The financial details of the deal weren’t made public.
Vendor risk management software tools are essential for organizations to assess and manage risks associated with third-party relationships. View the top 6 vendor risk management software for MSPs in 2025.