According to Fico, organisations will be able to use the complimentary service to better understand how a cyber insurer or a business partner might underwrite their network security.
Cyber insurance is a relatively new field, but it is growing in traction. PWC estimate annual gross written premiums for cyber insurance to increase from roughly $2.5 billion today to $7.5 billion by the end of the decade.
“There’s a lot of buzz about cybersecurity ratings, but most businesses don’t understand how they work or know how they rank,” said Doug Clare, vice president of cybersecurity solutions at FICO.
“Now any company can vet the accuracy of their score before they’re unknowingly assessed by other organisations in their supply chain. As insurers begin using these scores in pricing cybersecurity insurance and as organisations start using ratings to vet supply chain and partner risk, businesses will need to vet the details used to assess their security posture — just as consumers check their FICO Score before applying for loans.”
Visibility into the cyber health of a company is hard to obtain concretely. This hurts both the companies themselves and insurers as they both find it difficult to quantify and price coverage. Arguably, both parties are in the dark when it comes to setting rates. A fact made worse when you consider that nearly three-quarters (73%) of global firms are “cyber-novices” when it comes to the quality of their security strategy, according to a report by the insurer, Hiscox.
The free subscription promises to help organisations provide transparency, enable fair assessment and improve accuracy by allowing them to curate their assets upon which their score is based, tagging the correct assets and removing assets that are not connected to their network.
Organisations subscribing to FICO® Enterprise Security Score Portrait can view their own three-digit score, on a scale of 300 – 850, this score can then be used to understand and track their own performance. The score can also be shared with business partners as an easy-to-understand surrogate for a more in-depth exchange of security posture details.
“Organisations need to trust that their score is based on accurate data,” Clare said. “With this free program, FICO is the first ratings provider to bring total transparency and self-service asset curation to the process of cybersecurity risk assessment.”