Deal Will Expand ISS’ Suite of Offerings to Aid in Investor and Corporate Risk Mitigation
ROCKVILLE, Md. (October 21, 2020) — Institutional Shareholder Services Inc. (ISS), the leading provider of high-quality data, analytics, and insight to the institutional investor and corporate issuer communities, today announced it has entered into a definitive agreement to acquire the cyber risk score business of FICO®. The transaction is expected to close over the coming weeks, subject to customary closing conditions.
The FICO® Cyber Risk Score provides a long-term indicator of network security risk based on a diverse set of inputs, global cybersecurity threats, and proprietary analytical methods thereby helping companies to accurately assess, continually monitor, and judiciously benchmark their enterprise cyber risk management programs. Companies also benefit from the ability to gauge cyber risks emanating from vendors up and down the supply chain.
Institutional investors, meanwhile, will in 2021 be able to use cyber risk scores as part of ISS’ leading Governance QualityScore ratings to evaluate portfolio company risk. Those risks are today both apparent and material for investing institutions with one recent analysis finding the average cost to corporations per data breach at just under $4 million. The new solution will be integrated into additional ISS offerings such as ESG ratings and relevant indices.
“Most investors, board of directors, and organizations know well the material nature of cyber risks and the critical need to effectively and accurately assess and monitor their own such risks and that of partners in today’s economy,” said ISS President & CEO, Gary Retelny. “ISS had been looking for a cyber solution of quality in the marketplace for some time to further develop and incorporate into our client offerings, and we are pleased to have found and reached an agreement to acquire FICO® cyber and its talented people.”
Upon closing, the newly branded ISS Cyber Risk Score solution will continue to draw on AI and machine learning methodologies and advanced analytics and will also assess the efficacy of cyber policies through varied measurements to prevent potential gaming. The solution, moreover, will be dynamic, adapting to a changing threat landscape due to a focus on cyber security behaviors rather than temporal conditions.