According to a recent report in CFO.com, a new generation of cyber ratings firms is becoming known for rating a company’s cyber hygiene in much the same way that Moody’s and S&P set the standard by which we understand a company’s creditworthiness, or Fitch and A.M. Best assess insurance companies.
These cyber ratings firms size up companies continuously and non-invasively, much as an attacker would assess them from the outside. They offer a numerical, FICO-like score or a letter grade, much like the credit rating agencies employ. A change in performance on any of the factors they measure can instantly raise or lower a rating. Bringing cybersecurity into the vendor risk discussion requires a cross-functional effort that typically involves finance, operations, procurement, and now IT.
Cyber rating data, and the reports that drill down into each of the factors, allow underwriters to make decisions based on objective, real-time data, and reward more secure clients by charging lower premiums. By “owning” this risk more closely through a captive, those responsible for cybersecurity will be more effective in justifying the necessary technology expenditures and changes in organizational behavior that can improve their cyber hygiene. As the report states, once these ratings become more visible in the marketplace, companies that have invested in security will enjoy a competitive advantage over their less cyber-hygienic peers.
I am heading out this weekend to attend the CICA annual conference in Scottsdale, so I hope to see a number of you out there. Dennis Harwick always puts on a good show, and it is a great opportunity to talk to industry leaders and hear what’s happening in our dynamic space.
Thank you all very much, and I look forward to hearing from you.