Published

October 11, 2018

Share

• The U.S. Chamber of Commerce and FICO have released the first national cybersecurity assessment, benchmarking the cybersecurity risk of key industry sectors
• The Assessment of Business Cybersecurity (ABC) shows significant differences across sectors, and across organizations of different sizes
• The ABC is based on scoring more than 2,500 U.S. companies using the FICO® Cyber Risk Score, an empirical standard for assessing cybersecurity risk
• The U.S. Chamber and FICO are using the ABC to raise awareness of cybersecurity risk levels, and to provide an ongoing benchmark for tracking trends in cyber threats and encouraging improvement in organizational cyber posture

WASHINGTON, DC —The U.S. Chamber of Commerce and FICO today released the first national cybersecurity assessment at the Chamber’s Seventh Annual Cybersecurity Summit. The U.S. Chamber’s Assessment of Business Cybersecurity (ABC), powered by the FICO® Cyber Risk Score, measures the cybersecurity risk of the entire business community and risk across key sectors. The ABC provides actionable intelligence for businesses, which will help them improve their individual cyber risk profiles and help strengthen the cyber readiness of the nation.

More information: www.cyber-abc.com

Businesses that obtain their FICO® Cyber Risk Score can use the ABC to compare their cybersecurity risk to organizations of similar size and in the same sector. Over 2,500 small, medium, and large companies in 10 sectors — agriculture and food; business services; construction; energy and utilities; finance and banking; health care; materials and manufacturing; retail and consumer services; media, telecom and technology; and transportation — were scored with the FICO® Cyber Risk Score, an empirical standard for assessing cybersecurity risk. Just like a FICO® Score for credit risk, the range is 300 to 850. A higher score shows stronger security and indicates a lower risk of a cyber threat.

The ABC shows that risk currently varies greatly by industry and size of company. Over time, the ABC will show how security is improving or deteriorating at the national and sector levels.

The first release of the ABC shows that:

  • Large companies are at greater risk than their smaller counterparts. Cybersecurity risk is correlated to both the size of the organization and the complexity of the organization’s networks. Larger networks are more difficult to manage and tend to increase the forward-looking odds of a breach incident.
  • The relative risk of industry sectors varies widely. The highest-scoring sector was construction at 764, while the media, telecommunications and technology sector scored lowest at 619 — this difference represents nearly 200% variance in odds of significant cyber incident.
  • The risk performance differentiation between large and small entities is less pronounced in industries with the most sensitive data, such as health care and finance and banking, where companies are subject to specific compliance regimes.

“With the ABC, businesses now have a comparative benchmark for understanding their collective cybersecurity risk,” saidChristopher D. Roberti, senior vice president for cyber intelligence and security policy, U.S. Chamber of Commerce. “Businesses are on the front line of cybersecurity threats. Their risk impacts our economy’s health and our national security. That’s why we are pleased to partner with FICO to ensure businesses know their level of security. Organizations can obtain their Cyber Risk Score and use the ABC to measure their risk, know the risk of their sector, and take steps to improve their risk posture.”

How It Works

The ABC is an aggregate measure of security risk across small, medium, and large U.S. companies and across 10 sectors. It uses a random sample of these businesses and their FICO® Cyber Risk Score to reflect security performance across the U.S. economy, as well as within specific industry sectors. Results from each of the categories are presented individually. The same results are also combined in a revenue-weighted formula that represents the relative risk a given sector presents to the economy as a whole.

For example, across a random sample of 300 businesses in the construction sector, we assess that the score for small construction companies is 767. Medium companies’ average score is 742, and the average score for large companies is 682. These are combined into a revenue-weighted formula, relative to the risk of sector of the entire economy, to produce a risk score for the entire sector of 764.

The FICO® Cyber Risk Score that powers the ABC calculates the probability of an organization suffering a material data breach in the next 12 months.

“This is the first time the cybersecurity strength of the nation’s businesses has been measured in this detail,” said Doug Clare, vice president for cybersecurity solutions at FICO. “Our analytics measure and monitor billions of cyber risk indicators, and we use machine learning to produce a forward-looking metric for measuring cyber risk. The ABC is a benchmark based on this empirical calculation. The FICO Cyber Risk Score is not a report card — just like the FICO Score, it’s an empirical, objective forecast of performance. Individual businesses can use the FICO Cyber Risk Score to compare their own cyber risk against these benchmarks.”

Organizations that choose to learn more about their specific security performance can register for a free subscription at cyberscore.fico.com. “Much like individuals can get their FICO® Score to understand how lenders view their creditworthiness, organizations can get their FICO Cyber Risk Score, for free, to gauge their security effectiveness and understand how business partners view their cybersecurity hygiene,” Clare said. “In addition to self-assessment, businesses can use the full version of the FICO Cyber Risk Score offering to monitor the security risk of third-party and fourth-party partners and vendors. It’s a 360-degree view of your cybersecurity risk exposure.”

About the U.S. Chamber of Commerce

The U.S. Chamber of Commerce is the world’s largest business federation representing the interests of more than 3 million businesses of all sizes, sectors, and regions, as well as state and local chambers and industry associations. For more information, visit uschamber.com and FreeEnterprise.com, like us on Facebook and follow us on Twitter.

The Chamber has been leading on cybersecurity for years. In 2014, it launched a new comprehensive campaign under the banner Improving Today. Protecting Tomorrow™ to advance cybersecurity policies and legislation while educating businesses of all sizes about cyber threats and how to protect against them.

About FICO

FICO (NYSE: FICO) powers decisions that help people and businesses around the world prosper. Founded in 1956 and based in Silicon Valley, the company is a pioneer in the use of predictive analytics and data science to improve operational decisions. FICO holds more than 185 U.S. and foreign patents on technologies that increase profitability, customer satisfaction and growth for businesses in financial services, telecommunications, health care, retail and many other industries. Using FICO solutions, businesses in more than 100 countries do everything from protecting 2.6 billion payment cards from fraud, to helping people get credit, to ensuring that millions of airplanes and rental cars are in the right place at the right time. Learn more at http://www.fico.com.

Join the conversation at https://twitter.com/fico & http://www.fico.com/en/blogs/

For FICO news and media resources, visit www.fico.com/news.

FICO is a registered trademark of Fair Isaac Corporation in the United States and in other countries.