US companies collaborate on credit score-like cybersecurity rating system

More than two dozen US companies have teamed up to establish a set of shared principles for a cybersecurity ratings system.

Corporations often use the system, which is effectively the cybersecurity equivalent of a credit score, to assess the security of the companies they work with. Insurers also look at the ratings when considering an organization’s liability following a cyber attack.

The US Chamber of Commerce has stated that the group includes JPMorgan Chase, Goldman Sachs, Morgan Stanley, and several non-financial companies such as Starbucks and Home Depot.

Why is this happening now?

The move has been made possible thanks to the emergence of big data start-ups such as BitSight Technologies, RiskRecon and SecurityScorecard. They have gained prominence and venture capital funding by collecting and analyzing data, which they use to rate companies’ cybersecurity defenses.

Many of the companies in question were previously critical of these start-ups’ data collection practices. JPMorgan’s global chief information security officer, Rohan Amin, told Reuters: “The challenge is that [these start-ups’] methodologies are proprietary and there hasn’t been transparency on how they go about creating the ratings.”

However, the decision to collaborate on the system appears to have settled those concerns. The US Chamber of Commerce believes that shared cybersecurity principles help organizations better understand their cybersecurity ratings and, if necessary, challenge them.

The announcement comes in the wake of the Equifax breach, a very different story involving cybersecurity and credit scores. That one of the country’s biggest fraud-prevention companies was breached has shown once again that cybersecurity is a massive concern for even the largest organizations.

From the board level down, all staff should be aware of their cybersecurity obligations. A greater push toward a measurable level of cybersecurity can only be a good thing if it helps senior management understand the need to invest in cybersecurity.

Improving your organization’s cybersecurity

Most organizations looking to improve their cybersecurity would benefit from certifying to ISO 27001, the international standard that describes best practice for an information security management system (ISMS).

Achieving accredited certification to ISO 27001 demonstrates that your company is following information security best practice. It also provides a framework that helps you meet multiple legal and regulatory requirements, cover your supply chain, and provide assurance to senior management.

Certifying to the Standard can be complicated and time-consuming, but you can simplify the process with our ISO 27001 DIY packages.

We offer four packages that contain a combination of products and services that can be accessed online and deployed anywhere in the world. Each package helps you facilitate your project at a speed and within a budget that are appropriate for your needs and preferred project approach.

Whether you’re looking for implementation guides, toolkits, training courses, or consultancy, our packages have everything you need.

You can also learn more about the Standard with our ISO 27001 data sheet >>