FICO^® Cyber Risk Score

In order to advance cybersecurity awareness and effectiveness around the globe the FICO^® Cyber Risk Score is now available, free of charge, to all organizations. It is designed to provide Chief Risk Officers an independent perspective of data breach risk while utilizing the same machine learning models used by vendor managers and cyber insurance underwriters to quantify 3^rd party risk exposure.

This complimentary subscription to the Portrait portal of the FICO^® Enterprise Security Suite includes immediate, self-service curation of organizations’ Internet-facing assets in order to ensure fair and accurate security ratings as defined by the U.S. Chamber of Commerce. These Principles for Fair and Accurate Security Ratings promote accuracy, fairness, utility, and transparency in the provision of cyber risk scores and security ratings.

FICO supports these Principles through its adherence to empirical cyber risk scoring, prudent disclosure of contributing risk factors, sound model governance practices, and the enablement of direct client involvement in the resolution of data and definitional issues. FICO was a key contributor in the establishment of the Principles, and is committed to upholding them.

Transparency

Understand how third parties may interpret your security posture and know exactly which assets are being used in the assessment.

Self-Service

Ensure fair assessment by curating network assets and removing inaccuracies, in real-time. Take control of your security profile without relying on ineffective dispute processes.

Machine Learning

Employ empirical machine learning models, not subjective ratings, to interpret cyber security behaviors and accurately assess your security risk profile.

The FICO^® Cyber Risk Score is an empirical score that relies on a comprehensive and diverse set of cyber security data signals, collected at Internet scale, to determine the risk profile of any organization. These signals reflect key risk indicators including the health and hygiene of IT systems, network infrastructure and software and services. These current and historical data signal behaviors are compared to past behaviors of organizations that have, and have not, suffered a material data breach.

Together, this information is used to train a machine learning model that produces a risk score that forecasts the likelihood of a future breach event.

FICO^® Cyber Risk Score utilizes time-series observations associated with the internet-facing assets on your network. These risk indicators are augmented with corporate demographic details and compiled cyber risk information. Rather than simply inventorying temporal vulnerabilities or issues, these indicators are used, in aggregate, to help form an understanding of network hygiene practices, consistency in policy, and the network management track record of
an organization.

Portrait Portal

‌  5X more accurate than competitors published results.

‌  Free access to the security rating used by cyber insurers.

‌  Self-service asset curation improves accuracy.

‌  Ability to monitor your security score improvement over time.

‌  No need for tedious ombudsmen processes.

‌  Clearly convey security performance results to executive leadership.

Landscape Portal

‌  Benchmark security performance across segments of partners.

‌  Support breach insurance underwriting.

‌  Understand portfolio risk across all insurance policies.

‌  Monitor the risk of your existing partner portfolio.

‌  Help CROs and CPOs tackle active vendor management.

‌  Vet the risk of potential partners.

Cyber-Insurance

The FICO^® Cyber Risk Score supports cybersecurity risk assessments and underwriting decisions. It accurately captures the risk posture of an organization as observed from an external vantage point. This quantifiable security rating is used to price insurance policies and determine exclusions or riders.

Vendor Risk

Manage and monitor the cybersecurity risk introduced by your vendors. The FICO^® Cyber Risk Score presents aggregated data and measurements that capture the cybersecurity risk of your vendors via a diverse set of measurements. Linked tools within the Landscape portal of the FICO^® Enterprise Security Suite allows a conversation with your vendors regarding the reported data.

Regulatory Compliance

Monitoring third party risk is more than just a sound business practice. It’s also a regulatory requirement for organizations that manage personal data of European Union (EU) citizens. The General Data Protection Regulation (GDPR) reforms require organizations to regularly assess and evaluate the security measures of third parties that process data on their behalf. The FICO Cyber Risk Score provides the empirical results needed to monitor and manage the risk of third party relationships.