We all know what a credit score is. It helps lenders decide how likely you are to repay your debts. Scores range from 300 to 850 points and are based on your payment history and ability to repay your debts on time. But do you know your company’s cybersecurity score?
Given the COVID-19 pandemic, many brick-and-mortar shops and businesses that were previously accessible exclusively through in-person contact have been forced to provide their goods and services through a website. This shift creates a larger need for these services, given the increase in possible clients who want to know the safety of their business domain. Regardless of how you feel about credit scores and/or security ratings, they appear not to be going anywhere any time soon. Obtaining a security rating for your company presents more benefits than risks.
Security ratings are an objective, data-driven, quantifiable measurement of an organization’s overall cybersecurity performance. Security ratings provide businesses and government agencies with a third-party, independent view into the security behaviors and practices of their own organization as well as that of their business partners.
Now, from a business standpoint, you are technically not required to have a security rating, but as more businesses and offices go remote and more businesses go online, having a high cybersecurity score will give you a competitive edge. It will also provide an objective look into your company’s security infrastructure, which could potentially attract clients to your business. Cybersecurity ratings have been around for a few years but are still relatively new, and recently they have been gaining some popularity. A few companies provide security rating services, such as SecurityScorecard, Panorays, BitSight, FortifyData, and even FICO. You can reach out to any of them and request a security assessment to determine your security score.
From a business perspective, there are many benefits to using a security rating. You could use security ratings as a way to choose which vendor you would like to hold your data. Utilizing security ratings can also help prioritize remediation amongst existing third parties, define mandatory thresholds for cybersecurity for new vendors, aid in making decisions in the procurement process, and help define the level of assessment required for each vendor. For example, vendors with a 700+ rating provide greater safety to your organization versus a score of 550. It’s not if, but when this will become a requirement for all businesses. Like a credit score, you’ll want to get a good cybersecurity score ahead of the curve and not behind it to establish more credibility for your company’s security infrastructure.
Taylor Allaire, CISM, CDPSE
Information Security Manager