October 2018 marks the 15th annual National Cybersecurity Awareness Month, and today, FICO is making big news: we have teamed with the U.S. Chamber of Commerce to help all American businesses be more aware of, and better manage, their cybersecurity risk.
The first step in managing risk is quantifying it — and that’s exactly what the Assessment of Business Cybersecurity (ABC) does. Designed by FICO and the Chamber, and powered by the empirically derived FICO Cyber Risk Score, the ABC was developed to provide an objective benchmark for the cybersecurity of U.S. businesses. It’s the first national cybersecurity assessment benchmarking the risk levels of different business sectors, and our joint initiative gives all companies the opportunity to see how their risk of data breach stacks up to peer organizations.
The ABCs of the ABC
Today marks the release of the first quarterly Assessment of Business Cybersecurity, at the Chamber’s Seventh Annual Cybersecurity Summit in Washington, DC. The ABC is based on the individual FICO Cyber Risk Score of 2,574 businesses across 10 key sectors of the US economy. It’s an aggregate measure of security risk across small, medium, and large companies, and an important indicator in understanding macro cyber risk trends at the national and sector levels.
Specifically, the Assessment of Business Cybersecurity monitors the underlying risk signals that indicate how well US companies manage and maintain their corporate networks, including the sensitive data under their care. Today’s inaugural ABC gives U.S. businesses an overall score of 687 on a scale of 300-850 and shows that:
- Large companies are at greater risk than their smaller counterparts.
- Risk is correlated to both the size of the organization and the complexity of networks. Larger, unwieldy networks are more difficult to manage and tend to increase the forward-looking odds of a breach incident.
- The relative risk of industry sectors varies widely. The highest-scoring sector was Construction at 764, while the Media, Telecommunications and Technology sector scored lowest at 619; this difference represents nearly 200% variance in odds of significant cyber incident.
- The risk performance differentiation between large and small entities is less pronounced in industries with the most sensitive data (healthcare and finance / banking), where compliance requirements may be having a positive effect on security.
Monitor Individual and Networked Risks
Organizations that want to learn more about their specific security performance can register for a free subscription to the FICO Cyber Risk Score. Much like U.S .consumers can access their FICO Score to gauge how lenders view their creditworthiness, organizations can now access their FICO Cyber Risk Score, for free, to gauge their security effectiveness and understand how business partners view their cybersecurity posture.
In addition to self-assessment, the FICO Cyber Risk Score is used by businesses to monitor security risks that are not under their direct control. In today’s highly networked business ecosystems, organizations often exchange data with dozens or even thousands of business partners. New regulations in banking and other industries have put companies more directly on the hook with respect to third-party and supply chain risk. With GDPR requirements spilling over from the European Union, more and more organizations are concerned about the network security of companies they do business with. The FICO Cyber Risk Score allows them to do that.
A Critical Reality Check
At FICO, our hope is that the objective measurement provided by the ABC gives U.S. companies actionable insight to address categorical over-confidence about their own cyber defenses. FICO’s recent cybersecurity survey, conducted by research and consultancy firm Ovum, shows that despite the growth in data breaches, senior executives at US firms think their cybersecurity protection is top-notch. The survey reported that 68 percent of respondents said their firm was better prepared than their competitors, and 37 percent said their firm was a top performer.
Now, the Assessment of Business Cybersecurity provides a relative measure of cybersecurity effectiveness across U.S. companies, as firms compare their individual FICO Cyber Risk Score to their industry cohort. Additionally, the ABC provides a useful benchmark for assessing the long-term impact of efforts to strengthen data protection practices.
What’s your organization’s FICO Cyber Risk Score, and how do you compare to industry peers? Find out how where you stand today, and on an ongoing basis. Register your company for a free subscription at cyberscore.fico.com and check the ABC quarterly. In the meantime, follow me on Twitter @dougoclare.