Login / Sign Up
Blog Posts Process Analysis
Contributed on August 21, 2017
Loading 1.4K
771

Measuring the Cybersecurity Risk of Your Extended Enterprise

Blog: Enterprise Decision Management Blog

Cybersecurity risk score scale

“What gets measured, gets managed,” is one of executives’ go-to quotes, and with good reason. But unfortunately, many of the things that keep executives awake at night, such as the cybersecurity risk of their extended enterprise, have been impossible to measure, let alone manage, at least until now.

FICO recently announced new capabilities for identifying and scoring 4th party risk with the FICO® Enterprise Security Score, allowing organizations to:

This is important because managing your own firm’s cybersecurity risk now involves understanding the risk of a much broader “extended enterprise.”

Connectivity Creates Aggregate Risk

The extended enterprise is not a new term, but in today’s hyper-connected environment, it takes on new meaning. Large companies may be connected over the internet to tens of thousands of business partners, each of which, in turn, may be connected to thousands more. These “4th parties”—the partners of partners—represent an additional, significant cybersecurity threat, as they can be conduits to all manner of threats that eventually strike within the metaphorical “four walls” of any given enterprise.

Aggregate risk is a familiar concept in the property and casualty (P&C) insurance industry, in which the extreme impact of a common set of threats — such as a major hurricane — can affect a large portion of their portfolio of their business. Aggregate risk modeling helps insurance companies take appropriate steps toward mitigation, including portfolio diversification and allocating appropriate capital to cover claims in case there is a major disruption.

Data breaches and malware attacks are the hurricanes and earthquakes of the rapidly growing cybersecurity insurance industry. Multiplied across the millions of interconnected businesses within the US alone, a single large cyber attack could trigger a similarly large number of claims, posing systemic risk to the insurance industry itself. But given the complex web of connectivity between most large enterprises and their extended network of business partners, it has been nearly impossible to identify and quantify aggregate risk.

A Score That Identifies 4th Party Risk

FICO has enhanced the FICO® Enterprise Security Score to identify the specific 4th party risks of scored organizations. While other approaches involve the application of industry averages, the FICO® Enterprise Security Score now helps breach insurers and enterprise vendor management teams to identify the specific vendor dependencies of their clients and business partners (including deployed IT components), and see the Enterprise Security Score of these 4th party relationships.

The service also helps users to identify common 4th party dependencies across a portfolio of 3rd party relationships. Breach insurers can now understand aggregate risk concentrations across a portfolio of policies, where multiple insureds may be exposed to common IT suppliers and technologies.

The FICO® Enterprise Security Score performs a complex assessment of an organization’s network assets, applies advanced predictive algorithms, and then condenses the results down to a three-digit score that rank-orders based on the odds of breach for the organization. The solution is now enhanced with key IT vendor and cloud service provider information for most organizations, allowing appropriately credentialed users to evaluate the risk of the extended enterprise.

Manage the Big Picture of Cyber Risk

Identifying 4th party risks is an increasingly important consideration for both enterprises and breach insurance carriers. These groups are concerned, respectively, about hidden, aggregate risk exposures across the extended enterprise and their portfolio of insureds. With the FICO® Enterprise Security Score, both can now better measure and manage 4th party risk.

Follow me on Twitter at @dougoclare.

Diagram showing FICO coverage

The post Measuring the Cybersecurity Risk of Your Extended Enterprise appeared first on FICO.

Leave a Comment

Get the BPI Web Feed

Using the HTML code below, you can display this Business Process Incubator page content with the current filter and sorting inside your web site for FREE.

Copy/Paste this code in your website html code:

<iframe src="https://www.businessprocessincubator.com/content/measuring-the-cybersecurity-risk-of-your-extended-enterprise/?feed=html" frameborder="0" scrolling="auto" width="100%" height="700">

Customizing your BPI Web Feed

You can click on the Get the BPI Web Feed link on any of our page to create the best possible feed for your site. Here are a few tips to customize your BPI Web Feed.

Customizing the Content Filter
On any page, you can add filter criteria using the MORE FILTERS interface:

Customizing the Content Filter

Customizing the Content Sorting
Clicking on the sorting options will also change the way your BPI Web Feed will be ordered on your site:

Get the BPI Web Feed

Some integration examples

BPMN.org

XPDL.org

×