Intelligent CISO Issue 08 | Page 43

EXPERT OPINION

A good security rating will reinforce the value the CISO and security teams are bringing to the company and further reinforce argumentation for more investment and strategic focus.

cybercriminals often target smaller and less well defended companies as a way of breaching the defences of organisations they work for or with. This means that it has become increasingly important for prospective service providers and partners to be able to prove they are well secured, just as they would be expected to verify their financial stability.

Organisations should ensure that their processes for taking on new vendors include a thorough assessment of their security capabilities. The level of security required can be varied to match the level of risk associated with their function and access to company assets. A vendor that will be granted access to essential systems and confidential data, for example, should have a very high security score to ensure these assets are not exposed to unnecessary risk.

Because the relationship between companies and third parties is increasingly symbiotic and interconnected, the security assessment process should be very open. Transparency on both sides will help to establish a better working relationship.

Strengthening cyberinsurance

Moving beyond the strategies of individual companies, security ratings are beginning to influence wider attitudes to cyber-risk, such as with cyberinsurance. Designed to provide financial protection in the event of a major security incident, cyberinsurance has become an essential part of enterprise risk mitigation strategies. One challenge encountered by cyberinsurance providers, however, is the difficulty in understanding the cyberhealth of their clients, which can lead to overly cautious policies.

Establishing accurate security ratings can help carriers, re-insurers, brokers and risk managers better manage risk and continuously monitor policy holders. The ability to thoroughly evaluate a company’s security posture enables insurers to more precisely measure how great the risk would be if they issued a policy.

The evolving market

The cybersecurity landscape has evolved rapidly in recent years and while security ratings are still an emerging standard now, they will soon become as commonly used as credit ratings. With both the volume and sophistication of cyberthreats continuing to increase, organisations must consider more efficient techniques of gaining insight into not only their own cyber-risk, but also that of their supply chain.

Security ratings provide an independent and comprehensive overview of a company’s security posture that will help to take the guesswork out of security strategies. Because scores can be actively updated to reflect changes within the organisation and the wider business and security landscape, organisations can confidently deal with new threats as they emerge.