Executive Summary

Companies are increasingly pursuing management of cyber risk rather than eliminating it outright, as hacker attacks become more prolific, widespread and hard to stop. A trio of attorneys/experts at the law firm Akin Gump argue that cyber security ratings for companies carried out by outside, independent ratings companies could help support informed underwriting and better risk management.

Nearly 30 years ago the Fair Isaac Corporation (“FICO”) first introduced its metric for measuring creditworthiness. Since then, the FICO Score has become a default metric used by countless market participants to facilitate arms-length transactions. It is a score that, while not without problems, is generally understandable and easily accessible.FICO and other entities are now promoting new methods of rating companies’ cyber risk and resiliency with the same goals of promoting informed decision-making. The growing importance of such ratings was recently recognized by the U.S. Chamber of Commerce, which published “Principles for Fair and Accurate Security Ratings” in June 2017. This article briefly discusses the growing role of security ratings in driving business strategy and the need for more uniform standards among ratings companies.

Member Only Content

To continue reading, purchase this article or become a member.

*Already have an account? Click here to login