This could become reality:
- Fair Isaac Corp., the company that generates consumer-credit scores, purchased Michigan-based cybersecurity startup QuadMetrics Tuesday.
- The company said it plans to use QuadMetrics’s predictive analytics and security-risk assessment tools to develop security scores for businesses.
- The scores would help CIOs and other tech professionals measure their company’s online risks, including better understanding third-party risks.
“Just as the FICO Score gave credit markets a single metric for understanding credit risk, this product will give the industry a common view of enterprise security risk,” Doug Clare, FICO’s vice president of cybersecurity solutions, said in a statement.
QuadMetrics uses predictive analytics and data from various sources to generate a security score.
FICO has been investigating the cybersecurity area for a while now, and recently developed its Falcon Cybersecurity Analytics service. The company says the new service could also help manage cyber risk from third-party vendors, a growing problem for enterprises.
“Some large enterprises are dealing with over 10,000 external vendors, suppliers and partners, and many compliance regulations now demand they have to gauge the risk of all of them and somehow remediate that risk,” Garrett Bekker, a cybersecurity analyst at 451 Research, told the Wall Street Journal.
A report released by the Ponemon Institute in early May found that the risk associated with third-party data sharing is growing, but the C-Suite is not adequately prioritizing the issue. The report, sponsored by Shared Assessments, found that third-party vendors and partners can significantly increase the risk of cyberattacks or data breaches. Ponemon researchers found that organizations spent an average of $10 million responding to security incidents resulting from “negligent or malicious” third parties.
The cyber insurance market could also use the score to assist in cyber breach policy writing and portfolio management. Though cyber insurance is a fast-growing market, there is not yet an industry standard to measure a company’s risk.