EXPERT OPINION
A good security
rating will reinforce
the value the CISO
and security teams
are bringing to
the company and
further reinforce
argumentation for
more investment and
strategic focus.
cybercriminals often target smaller and
less well defended companies as a way of
breaching the defences of organisations
they work for or with. This means that
it has become increasingly important
for prospective service providers and
partners to be able to prove they are well
secured, just as they would be expected
to verify their financial stability.

Organisations should ensure that their
processes for taking on new vendors
include a thorough assessment of
their security capabilities. The level of
security required can be varied to match
the level of risk associated with their
function and access to company assets.
A vendor that will be granted access to
essential systems and confidential data,
for example, should have a very high
security score to ensure these assets
are not exposed to unnecessary risk.

Because the relationship between
companies and third parties
is increasingly symbiotic and
interconnected, the security assessment
process should be very open.
Transparency on both sides will help to
establish a better working relationship.

Strengthening cyberinsurance

Moving beyond the strategies of
individual companies, security ratings
are beginning to influence wider
attitudes to cyber-risk, such as with
cyberinsurance. Designed to provide
financial protection in the event of a
major security incident, cyberinsurance
has become an essential part of
enterprise risk mitigation strategies.

One challenge encountered by
cyberinsurance providers is the difficulty
in understanding the cyberhealth of their
clients, however, which can lead to overly
cautious policies.

Establishing accurate security ratings can
help carriers, re-insurers, brokers and
risk managers better manage risk and
continuously monitor policy holders. The
ability to thoroughly evaluate a company’s
security posture enables insurers to more
precisely measure how great the risk
would be if they issued a policy.
www.intelligentciso.com | Issue 08
The evolving market
The cybersecurity landscape has
evolved rapidly in recent years and while
security ratings are still an emerging
standard now, they will soon become as
commonly used as credit ratings.
With both the volume and sophistication
of cyberthreats continuing to increase,
organisations must consider more
efficient techniques of gaining insight
into not only their own cyber-risk, but
also that of their supply chain.
Security ratings provide an independent
and comprehensive overview of a
company’s security posture that will
help to take the guesswork out of
security strategies. Because scores can
be actively updated to reflect changes
within the organisation and the wider
business and security landscape,
organisations can confidently deal with
new threats as they emerge.