The cyber risk ratings industry is ushering in a new age of transparency. Cyber risk ratings firms continuously measure numerous external risk factors, and develop a FICO-like rating that indicates the vulnerability to a data breach. A demonstrably higher, objectively-measured, security and privacy posture can help a company gain market share and be more highly valued by investors.

We show clients how to use cyber risk ratings to gain insights on their own performance, as well as that of M&A targets, their vendors, and competitors. Our private equity firm clients use ratings to monitor their portfolio companies, so they can identify areas in need of attention. 

M&A / Corporate Finance Due Diligence

Data security and privacy is now an issue that corporate development officers, M&A advisors and corporate finance professionals need to address early in the due diligence process, before valuation and terms are negotiated. We help investment and commercial bankers, equity and fixed income research professionals, private equity sponsors, hedge funds, activist investors, and the companies they all cover, understand data security and privacy issues, as well as data value creation opportunities.

In addition to referencing cyber risk ratings, we also develop insights for our clients by monitoring (i) dark web chatter; (ii) FTC, EU GDPR and other regulatory activity; (iii) SEC disclosure; (iv) Homeland Security, FBI and other agency alerts; (v) cyber insurance claims experience; (vi) company privacy policies; (vii) the data security, privacy and analytics community; and other sources.

Self-Awareness and Reputation Management

Your customers, prospects, regulators, cyber insurance underwriters and others are already sizing up your security posture using cyber risk ratings. Boards incorporate rating reports in their periodic reviews of cyber security because they distill technical information into a form that lay people can understand. You should understand how the ratings are derived and take action to maximize them.

Vendor Risk Management

The 2013 Target Corp. breach via an insecure HVAC vendor demonstrated that a company's security is only as strong as its weakest link. Every company needs to understand the risk associated with their vendor community. Traditional tactics involving questionnaires and onerous, expensive and time-consuming penetration test, are part of the answer. It's not enough to measure cyber hygiene at a moment in time, because the conditions could be completely different a day later.

Ratings firms objectively, externally and unobtrusively measure the security posture of any organization across numerous attributes, resulting in a rating that can change from moment to moment.

Ratings platforms promote active collaboration between a company and its vendors. 

Cyber Insurance Renewal Prep

Many of the largest cyber insurance underwriters use ratings when setting a company's premium, so you can lower your costs by understanding your vulnerability and taking steps to raise your rating.