New report names FICO a cyber risk quantification leader

FICO, a leading analytics software company, today announced that it has been named a category leader in cyber risk quantification solutions in the Cyber Risk Quantification Solutions, 2019: Market and Vendor Landscape report from research firm Chartis.

“As the frequency and severity of cyber breaches continue to grow, cyber crime is now one of the biggest challenges facing financial institutions (FIs),” the report notes. “FIs and vendors have sought to quantify cyber risk before, but increasingly they are spending such large sums on cybersecurity systems that they require defensible risk scores for their cyber domains. And only now is there technology available to automate analysis and leverage the vast datasets required to properly quantify cyber risk. Demand for cyber risk quantification (CRQ) solutions is coming from insurers – keen to assess the risk in counterparties’ infrastructure – and more general financial services firms, which want to assess the risk in the systems they rely on for their operations.”

A companion report, Vendor Analysis: FICO; Cyber Risk Quantification Solutions, 2019, gives a more detailed analysis of FICO’s rating in the industry report.

“Given FICO’s heritage in risk quantification and ML [machine learning], the underpinnings of the FICO Cyber Risk Score leverage a rich set of IP in feature engineering, designed to expose and amplify signals used to quantify forward-looking risk outcomes,” the Vendor Analysis states. It cites three notable features of the FICO® Cyber Risk Score:

  • Empirically derived. “The FICO Cyber Risk Score is built using a supervised analytic model. This score leverages mathematical relationships between signal data, inferred behaviours, and real-world security outcomes from both breached and non-breached organisations.”
  • Focused on risk quantification. “While vulnerability inventories are important, they can also serve to mask underlying risk. As a result, organisations may confuse security activity (e.g., patching cadence) with effectiveness, and distract security teams from focusing on impactful change.”
  • Depth and breadth of signals. “The key risk signals leveraged by the FICO Cyber Risk Score are based on a deep database of time series historical information, collected by FICO, which spans the entire internet address space for six years. This allows FICO to correlate conditions and behaviours to cyber incidents, regardless of delays in disclosure, and enables it to immediately generate scores for companies worldwide.”

As the report notes, the FICO® Cyber Risk Score, like the FICO® Score for credit, is a predictive tool rather than a report card: “Rather than grading the current state of the network, FICO evaluates forward-looking risk by employing a ML model that is trained to a well-defined objective outcome – the likelihood of a material data breach event in the next 12 months. This provides an easy to interpret result that applies across self-assessment, third-party risk management, and cyber insurance underwriting.”

“This report shows the growing importance of cyber risk quantification, and FICO’s leadership in this field,” said Doug Clare, vice president of cybersecurity solutions at FICO. “We feel strongly that now is the right time to bring quantitative risk management disciplines to the field of cyber security. FICO have spent years researching the analytic methods that power the FICO Cyber Risk Score, making it an unbeatable solution for quantifying cyber risk.”

Organisations can get a free subscription to their FICO® Cyber Risk Score at Subscriptions for third-party risk management, including scores on third- and fourth-party vendors and supply chain partners, are also available.