The FICO Data Privacy Policy explains FICO’s collection and use of cookies. Cookies help us remember your settings to provide you with a better browsing experience; allow us to assess, monitor, and improve the website’s performance; and enable our partners to advertise to you. You may disable the cookies by changing the settings in your browser, and you may tell us not to share your cookie data with third parties. By using this website, you consent to the use of cookies as described in the FICO Data Privacy Policy.
Log InSign Up
In order to advance cybersecurity awareness and effectiveness around the globe the FICO® Cyber Risk Score is now available, free of charge, to all organizations. It is designed to provide Chief Risk Officers an independent perspective of data breach risk while utilizing the same machine learning models used by vendor managers and cyber insurance underwriters to quantify 3rd party risk exposure.
This complimentary subscription to the Portrait portal of the FICO® Enterprise Security Suite includes immediate, self-service curation of organizations’ Internet-facing assets in order to ensure fair and accurate security ratings as defined by the U.S. Chamber of Commerce. These Principles for Fair and Accurate Security Ratings promote accuracy, fairness, utility, and transparency in the provision of cyber risk scores and security ratings.
FICO supports these Principles through its adherence to empirical cyber risk scoring, prudent disclosure of contributing risk factors, sound model governance practices, and the enablement of direct client involvement in the resolution of data and definitional issues. FICO was a key contributor in the establishment of the Principles, and is committed to upholding them.
Transparency
Understand how third parties may interpret your security posture and know exactly which assets are being used in the assessment.
Self-Service
Ensure fair assessment by curating network assets and removing inaccuracies, in real-time. Take control of your security profile without relying on ineffective dispute processes.
Machine Learning
Employ empirical machine learning models, not subjective ratings, to interpret cyber security behaviors and accurately assess your security risk profile.
The FICO® Cyber Risk Score is an empirical score that relies on a comprehensive and diverse set of cyber security data signals, collected at Internet scale, to determine the risk profile of any organization. These signals reflect key risk indicators including the health and hygiene of IT systems, network infrastructure and software and services. These current and historical data signal behaviors are compared to past behaviors of organizations that have, and have not, suffered a material data breach.
Together, this information is used to train a machine learning model that produces a risk score that forecasts the likelihood of a future breach event.
FICO® Cyber Risk Score utilizes time-series observations associated with the internet-facing assets on your network. These risk indicators are augmented with corporate demographic details and compiled cyber risk information. Rather than simply inventorying temporal vulnerabilities or issues, these indicators are used, in aggregate, to help form an understanding of network hygiene practices, consistency in policy, and the network management track record of an organization.
Portrait Portal
5X more accurate than competitors published results.
Free access to the security rating used by cyber insurers.
Self-service asset curation improves accuracy.
Ability to monitor your security score improvement over time.
No need for tedious ombudsmen processes.
Clearly convey security performance results to executive leadership.
Landscape Portal
Benchmark security performance across segments of partners.
Support breach insurance underwriting.
Understand portfolio risk across all insurance policies.
Monitor the risk of your existing partner portfolio.
Help CROs and CPOs tackle active vendor management.
Vet the risk of potential partners.
Cyber-Insurance
The FICO® Cyber Risk Score supports cybersecurity risk assessments and underwriting decisions. It accurately captures the risk posture of an organization as observed from an external vantage point. This quantifiable security rating is used to price insurance policies and determine exclusions or riders.
Vendor Risk
Manage and monitor the cybersecurity risk introduced by your vendors. The FICO® Cyber Risk Score presents aggregated data and measurements that capture the cybersecurity risk of your vendors via a diverse set of measurements. Linked tools within the Landscape portal of the FICO® Enterprise Security Suite allows a conversation with your vendors regarding the reported data.
Regulatory Compliance
Monitoring third party risk is more than just a sound business practice. It’s also a regulatory requirement for organizations that manage personal data of European Union (EU) citizens. The General Data Protection Regulation (GDPR) reforms require organizations to regularly assess and evaluate the security measures of third parties that process data on their behalf. The FICO Cyber Risk Score provides the empirical results needed to monitor and manage the risk of third party relationships.
As the frequency and severity of cyber breaches continue to grow, cybercrime is now one of the biggest challenges facing financial institutions (FIs). Adding to their problems, FIs must also address the growing risk of technology outages– ...
Cybersecurity strategies often consist of “whack-a-mole” exercises focused on the perpetual detection and mitigation of vulnerabilities. As a result, organizations must re-think the ever-escalating costs associated with vulnerability manag...
Security rating services hold the potential to significantly alter the methods that organizations use to assess and monitor their data breach exposure. In addition to self-assessment, these methods are increasingly being used to monitor th...
Cybersecurity is a complex domain requiring specialized skill sets and subject matter expertise. Justifiably, organizations support this expertise with significant technology investments aimed at securing their networks and protecting the sensitive data under their care. The scope of these investments requires an ability to communicate a comprehensible result. Organizations need a standardized, trustworthy benchmark through which they can understand and communicate their resulting security posture.