FICO® Enterprise Security Score

Free access to the most accurate security rating service.

Log In Sign Up

Getting Started

In order to advance cybersecurity awareness and effectiveness around the globe the FICO® Enterprise Security Score is now available, free of charge, to all organizations. It is designed to provide Chief Risk Officers an independent perspective of data breach risk while utilizing the same machine learning models used by vendor managers and cyber insurance underwriters to quantify 3rd party risk exposure.

This complimentary subscription the Portrait portal of the FICO® Enterprise Risk Suite includes immediate, self-service curation of organizations’ Internet-facing assets in order to ensure fair and accurate security ratings as defined by the U.S. Chamber of Commerce. These Principles for Fair and Accurate Security Ratings promote accuracy, fairness, utility, and transparency in the provision of cybersecurity scores and ratings.

FICO supports these Principles through its adherence to empirical cyber risk scoring, prudent disclosure of contributing risk factors, sound model governance practices, and the enablement of direct client involvement in the resolution of data and definitional issues. FICO was a key contributor in the establishment of the Principles, and is committed to upholding them.


Download: Anatomy of a Security Rating   Download: Why Asset Curation Matters


Understand how third parties may interpret your security posture and know exactly which assets are being used in the assessment.


Ensure fair assessment by curating network assets and removing inaccuracies, in real-time. Take control of your security profile without relying on ineffective dispute processes.

Machine Learning

Employ empirical machine learning models, not subjective ratings, to interpret cyber security behaviors and accurately assess your security risk profile.

How Does it Work?

The FICO® Enterprise Security Score is an empirical score that relies on a comprehensive and diverse set of cyber security data signals, collected at Internet scale, to determine the risk profile of any organization. These signals reflect key risk indicators including the health and hygiene of IT systems, network infrastructure and software and services. These current and historical data signal behaviors are compared to past behaviors of organizations that have, and have not, suffered a material data breach.

Together, this information is used to train a machine learning model that produces a risk score that forecasts the likelihood of a future breach event.

FICO® Enterprise Security Score utilizes time-series observations associated with the internet-facing assets on your network. These risk indicators are augmented with corporate demographic details and compiled cyber risk information. Rather than simply inventorying temporal vulnerabilities or issues, these indicators are used, in aggregate, to help form an understanding of network hygiene practices, consistency in policy, and the network management track record of
an organization.

FICO® Enterprise Risk Suite – Use Cases

Balance competing objectives


The FICO® Enterprise Security Score supports cybersecurity risk assessments and underwriting decisions. It accurately captures the risk posture of an organization as observed from an external vantage point. This quantifiable security rating is used to price insurance policies and determine exclusions or riders.

Balance competing objectives

Vendor Risk

Manage and monitor the cybersecurity risk introduced by your vendors. The FICO® Enterprise Security Score presents aggregated data and measurements that capture the cybersecurity risk of your vendors via a diverse set of measurements. Linked tools within the Landscape Portal of the FICO® Enterprise Risk Suite allows a conversation with your vendors regarding the reported data.

Balance competing objectives

Regulatory Compliance

Monitoring third party risk is more than just a sound business practice. It’s also a regulatory requirement for organizations that manage personal data of European Union (EU) citizens. The General Data Protection Regulation (GDPR) reforms require organizations to regularly assess and evaluate the security measures of third parties that process data on their behalf. The FICO Enterprise Security Score provides the empirical results needed to monitor and manage the risk of third party relationships.

Key Features

Portrait Portal

  • 5X more accurate than competitors published results.
  • Free access to the security rating used by cyber insurers.
  • Self-service asset curation improves accuracy.
  • Ability to monitor your security score improvement over time.
  • No need for tedious ombudsmen processes.
  • Clearly convey security performance results to executive leadership.

Landscape Portal

  • Benchmark security performance across segments of partners.
  • Support breach insurance underwriting.
  • Understand portfolio risk across all insurance policies.
  • Monitor the risk of your existing partner portfolio.
  • Help CROs and CPOs tackle active vendor management.
  • Vet the risk of potential partners.

Want to take your business to new heights?

Request more information. Enter your information and we will respond directly to you.