Get help in measuring and mitigating cyber risk through your investment portfolio with a standardized, trustworthy data-driven approach.
According to Cybersecurity Ventures, cybercrime is predicted to cost the world USD$8 trillion in 2023.
The Cyber Risk Score is a data-driven rating that provides visibility into the level of cyber readiness and resilience an organization has implemented based on its ongoing actions to identify, manage, and mitigate cyber risk across its external technology networks. The comprehensive set of historical data behind the Cyber Risk Score is enriched with details of known breach events to create a predictive score that forecasts the risk of future breach events.
Benefit from a concise, empirical, and proactive metric that seeks to convey how well a company manages and maintains its cyber security posture, powered by a machine learning model trained to identify the potential for a breach event over the next 12 months.
USE THE CYBER RISK SCORE TO HELP:
Identify and manage cyber risk across your investment portfolio
Proactively engage with companies to mitigate risks correlated to a breach
Make informed
investment decisions
Cross-reference companies with greater risks in customer data protections
Access Actionable Insights
Delivered through ISS ESG’s proprietary DataDesk platform and – data feeds – investors can easily ingest cyber risk score data into their own internal processes. Clients can further leverage DataDesk functionality to screen their investment universe for cyber risk exposure and assess the cyber resilience of their portfolio holdings.
CYBER RISK SCORE
Ranges from the riskiest score of 300 to the least risky score of 850.
FIRMOGRAPHIC MAX
Reflects the organization’s maximum achievable Cyber Risk Score, considering inherent industry and organizational factors including sector classification and employee count.
TOP 3 REASON CODES
Provides a description of the three most relevant risk signals per company. These broadly capture five types of risk indicators: botnet activity, software misconfigurations, misconfigured infrastructure, website misconfigurations, and demographic elements.
Distinct Methodology for Assessing Cyber Risk
The Cyber Risk Score is generated from data findings collected from cyber assets identified as being either owned or operated by the company or any of the company’s majority-owned subsidiaries.
The overall cyber risk performance of a company is represented as a single, concise score on a scale from 300 to 850. A score of 300 represents high risk; a score of 850 represents low risk.
The ISS ESG Difference
Global risk indicators that reflect companies’ cyber security risk behaviors are collected on a continuous basis.
Historical data informs our proprietary risk model that uses machine learning to identify patterns and signatures indicative of potential breach events.
The methodology is focused on the effectiveness of cyber security behavior rather than on temporary conditions, which makes it resilient to the ever-changing cyber threat landscape.
Deep Dive Into the Cyber Risk Score
