Nearly 30 years ago the Fair Isaac Corporation (“FICO”) first introduced its metric for measuring creditworthiness. Since then, the FICO Score has become a default metric used by countless market participants to facilitate arms-length transactions. It is a score that, while not without problems, is generally understandable and easily accessible.
Executive SummaryCompanies are increasingly pursuing management of cyber risk rather than eliminating it outright, as hacker attacks become more prolific, widespread and hard to stop. A trio of attorneys/experts at the law firm Akin Gump argue that cyber security ratings for companies carried out by outside, independent ratings companies could help support informed underwriting and better risk management.
FICO and other entities are now promoting new methods of rating companies’ cyber risk and resiliency with the same goals of promoting informed decision-making. The growing importance of such ratings was recently recognized by the U.S. Chamber of Commerce, which published “Principles for Fair and Accurate Security Ratings” in June 2017. This article briefly discusses the growing role of security ratings in driving business strategy and the need for more uniform standards among ratings companies.