Analytic software firm FICO today launched the FICO® Enterprise Security Score, a metric that reveals the likelihood an organisation will be breached due to a cyber attack. This score can be used by an enterprise to understand and shore up its defence gaps, and by third parties such as cyber insurance providers, potential partners and customers who need an objective measure of a firm’s cyber risk.
The FICO Enterprise Security Score is an upgrade of the solutions previously offered by QuadMetrics, which FICO acquired in May. FICO upgraded the QuadMetrics analytics with its own advanced analytics technologies, which power various industry-leading FICO solutions, including the FICO® Falcon® Fraud Platform.
The FICO® Enterprise Security Score performs a complex assessment of network assets, applies advanced predictive algorithms, and then condenses the results down to a three-digit score that rank-orders organisations by their odds of breach, allowing an empirical comparison of organisations’ cyber security risk. The score represents the likelihood of the enterprise suffering a material breach in the next 12 months. Organisations can use this score to understand and track their own performance, or share it with business partners as an easy-to-understand surrogate for a more in-depth exchange of security posture details. The score comes with current threat profile characteristics and granular insights into potential security issues.
“The need for a standard, empirically derived analytic measure of cybersecurity risk gets stronger every day,” said Doug Clare, vice president of cybersecurity solutions at FICO. “There have been attempts to quantify a firm’s security posture, but they lack the predictive element, which is FICO’s speciality. We aim to bring to cybersecurity the consistency, transparency and predictive power we have brought to credit history in the US through the FICO Score.”
The FICO® Enterprise Security Score is backed by a highly scalable, cloud-based platform that evaluates the entire Internet address space for information to assess the security of any network. This unique asset is updated with billions of data points from around the globe, and enhanced with public and proprietary source information. There is no software or hardware to install, and no integration work to perform.
“To date, cyber insurance underwriting has been challenging, as threats change constantly,” said Clare. “Without a clear industry benchmark or standardised risk criteria, insurers have had to rely on a wide range of high-touch methods and judgemental criteria when establishing cyber policies and premiums. The FICO Enterprise Security Score delivers a trusted, empirically derived, long-term view of cyber risk that can improve not only the underwriting process but ongoing portfolio risk assessments.”
“Information security professionals actually have a fairly good understanding of the challenges and threats of cybersecurity, but often aren’t able to see the cohesive effects of their countermeasures and diligence, affecting both their overall effectiveness and their ability to quantify the risk for their business partners,” said CEB Senior Executive Advisor Jason Malo. “Benchmarking at an enterprise level could help complement current metrics and also provide a risk measurement framework for ongoing management and project investment.”
“By combining our wide network of data resources with FICO’s industry-leading advanced analytics, we’ve created the most powerful and accurate forecast of a company’s cyber risk,” said Manish Karir, former CTO of QuadMetrics, and product manager of the Enterprise Security Score. “This score gives chief information security officers details they need to protect their own network assets. It also provides an empirically derived standard benchmark for cyber insurance providers and everyone else in the cybersecurity ecosystem.”
“QuadMetrics provided a very unique scoring index, indicating the likelihood of cyber security problems for an organisation,” said Joe Sawasky, CEO of Merit, a non-profit, Member-owned organisation governed by Michigan’s public universities that owns and operates America’s longest-running regional research and education network. “This proved invaluable to our member organisations in Michigan, given that cyber risk is now among the top business risks overall. The FICO enhancements will make this an even stronger solution, which provides value not only to CIOs but also to CFOs, risk management professionals and boards.”