FICO Extends Cybersecurity Score to Rate 4th Party Risks

SAN JOSE — July 11, 2017

Highlights:

• FICO has enhanced the FICO^® Enterprise Security Score in order to identify the 4^th party risks of scored organizations — the risks of a vendor’s vendors
• Users of the FICO Enterprise Security Score can identify key IT suppliers of any entity, the cybersecurity scores of those suppliers, and can drill down to understand which specific technologies have been deployed
• Breach insurers can now understand aggregate risk concentrations across  a portfolio of policies where multiple insureds may be exposed to common IT suppliers and technologies

Silicon Valley analytics firm FICO today announced that its new release of the FICO^® Enterprise Security Score quantifies the breach risks introduced by 4^th parties — a partner or vendor’s vendors. The identification of 4^th party risks is an increasingly important consideration for breach insurance carriers, who are concerned about hidden, aggregate risk exposures across their portfolio of insureds.

More information: http://securityscore.fico.com

A report in the Financial Times this month noted that some 80 percent of large companies suffer a cyber breach every year, and the annual global damage estimate could be more than $400 billion. These risks become concentrated as organizations continue to adopt common cloud service providers to manage significant portions of their IT workloads. As new IT vulnerabilities are being exposed and exploited, identifying and quantifying these common, concentrated exposures in a portfolio of businesses can be critical to understanding and forecasting potential losses under different risk scenarios.

The FICO Enterprise Security Score now helps breach insurers and enterprise vendor management teams identify the vendor dependencies of their clients and business partners, including deployed IT components, and see the Enterprise Security Score of these 4^th party relationships. The service also helps users identify common 4^th party dependencies across a portfolio of 3^rd party relationships.

“You can’t really understand your 3^rd party risks without also understanding the downstream dependencies those organizations have with their own suppliers,” said Doug Clare, vice president of cybersecurity solutions at FICO. “Our customers tell us they need to understand these 4^th party risks – specifically, and in aggregate. We worked with cyber insurance carriers to develop the new capabilities.”

“The ability to assess aggregate risks based on real data is becoming increasingly important to insurers,” said Mark Greisiger, president of NetDiligence^®. “Cyber policyholders outsource so much of their computing/data resources that it’s a growing blind-spot for underwriters. Granular information regarding actual 4^th party cyber risk dependencies would help insurers more accurately quantify their portfolio exposure.” 

The FICO^® Enterprise Security Score performs a complex assessment of an organization’s network assets, applies advanced predictive algorithms, and then condenses the results down to a three-digit score that rank-orders based on the odds of breach for the organization. Companies can use this score to understand and track their own performance, or evaluate the security risk of their vendors and other business partners. FICO was part of a consortium of industry leaders that developed new guiding principles for cybersecurity ratings.

Über FICO
FICO (NYSE: FICO) powers decisions that help people and businesses around the world prosper. Founded in 1956 and based in Silicon Valley, the company is a pioneer in the use of predictive analytics and data science to improve operational decisions. FICO holds more than 170 US and foreign patents on technologies that increase profitability, customer satisfaction and growth for businesses in financial services, telecommunications, health care, retail and many other industries. Using FICO solutions, businesses in more than 100 countries do everything from protecting 2,6 billion payment cards from fraud, to helping people get credit, to ensuring that millions of airplanes and rental cars are in the right place at the right time.

Learn more at http://www.fico.com

FICO is a registered trademark of Fair Isaac Corporation in the U.S. and other countries.