Analytics firm FICO has enhanced its FICO® Enterprise Security Score to include fourth party risks or those of a vendor’s vendors.
The new release quantifies breach risks to help cyber insurance providers understand hidden, aggregate risk exposures across their portfolio of insureds. FICO said users can now identify key IT suppliers of any entity as well as the cybersecurity scores of those suppliers.
The FICO® Enterprise Security Score will aid breach insurers and enterprise vendor management teams identify their partners or clients’ vendor dependencies as well as the common fourth party dependencies across a portfolio of third party relationships.
The company said risks become concentrated as organisations continue to adopt common cloud service providers to manage significant portions of their IT workloads. It added that quantifying these exposures in a portfolio of businesses can be critical to understanding and forecasting potential losses under different risk scenarios.
Doug Clare, vice president of cybersecurity solutions at FICO, noted that third party risks cannot be fully understood without also understanding the downstream dependencies vendors have with their own suppliers.
“Our customers tell us they need to understand these fourth party risks – specifically, and in aggregate. We worked with cyber insurance carriers to develop the new capabilities,” he said.
For Mark Greisiger, president of NetDiligence®, the ability to assess aggregate risks based on real data is becoming increasingly important to insurers.
“Cyber policyholders outsource so much of their computing/data resources that it’s a growing blind-spot for underwriters,” he explained.
The FICO® Enterprise Security Score performs a complex assessment of an organisation’s network assets, applies advanced predictive algorithms, and then condenses the results down to a three-digit score that rank-orders based on the odds of breach for the organisation.
Related stories:
Brokers: The risk your business clients may not be thinking of
Knowledge is power when it comes to winning cyber business, says Geoff Kinsella of Safeonline