Get help in measuring and mitigating cyber risk through your investment portfolio with a standardized, trustworthy data-driven approach.
Serious cyber security incidents can lead to operational, legislative, and reputational risks for investors.
The Cyber Risk Score is a data-driven rating that provides visibility into the level of cyber readiness and resilience an organization has implemented based on its ongoing actions to identify, manage, and mitigate cyber risk across its external technology networks. The comprehensive set of historical data behind the Cyber Risk Score is enriched with details of known breach events to create a predictive score that forecasts the risk of future breach events.
Benefit from a concise, empirical, and proactive metric that seeks to convey how well a company manages and maintains its cyber security posture, powered by a machine learning model trained to identify the relative likelihood of a portfolio company suffering a material cybersecurity incident within the next 12 months.
USE THE CYBER RISK SCORE TO HELP:
Identify and manage cyber risk across your investment portfolio
Proactively engage with companies to mitigate risks correlated to a breach
Make informed
investment decisions
Cross-reference companies with greater risks in customer data protections
Access Actionable Insights
Delivered through ISS ESG’s proprietary DataDesk platform and – data feeds – investors can easily ingest cyber risk score data into their own internal processes. Clients can further leverage DataDesk functionality to screen their investment universe for cyber risk exposure and assess the cyber resilience of their portfolio holdings.
CYBER RISK SCORE
Ranges from the riskiest score of 300 to the least risky score of 850.
FIRMOGRAPHIC MAX
Reflects the organization’s maximum achievable Cyber Risk Score, considering inherent industry and organizational factors including sector classification and employee count.
CYBER RISK DECILE
Describes how the subject organization ranks (in terms of their ISS Cyber Risk Score), on a decile basis, within an ISS-defined peer group based on size and sector.
CYBER GOVERNANCE DECILE
Describes how the subject organization ranks (in terms of their Information Security Score), on a decile basis, within an ISS-defined peer group based on size and sector.
TOP 3 REASON CODES
Provides a description of the three most relevant risk signals per company. These broadly capture five types of risk indicators: botnet activity, software misconfigurations, misconfigured infrastructure, website misconfigurations, and demographic elements.
Distinct Methodology for Assessing Cyber Risk
The Cyber Risk Score is generated from data findings collected from cyber assets identified as being either owned or operated by the company or any of the company’s majority-owned subsidiaries.
The overall cyber risk performance of a company is represented as a single, concise score on a scale from 300 to 850. A score of 300 represents high risk; a score of 850 represents low risk.
The ISS ESG Difference
Global risk indicators that reflect cyber security risk behaviors, as evidenced by the extent, condition, and configuration of information technology assets exposed to the Internet, are collected on a continuous basis.
Historical data informs our proprietary risk model that uses machine learning to identify patterns and signatures indicative of potential breach events.
The methodology is focused on the effectiveness of cyber security behavior rather than on temporary conditions, which makes it resilient to the ever-changing cyber threat landscape.
Provides insight into an issuer’s cyber governance to get a more holistic view of how well they manage cyber risks.
Deep Dive Into the Cyber Risk Score
ISS ESG US CYBER INDEX
Identify and track companies with low or negligible cyber-related risks, based on the Cyber Risk Score.
Will Recent Focus on Cyber-Governance Drive Renewed Shareholder Activism?
READ THE REPORT AT ISS INSIGHTS ›
