Cyber Risk Ratings

Cyber Risk Rating services review companies and assign scores based on cybersecurity indicators. Risk rating scores are used for third party risk management, and are often used for cybersecurity insurance underwriting.

The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.

These include:

  • User Satisfaction Rankings
  • Business Value Scores
  • Vendor Capability Comparisons
  • Product Feature Evaluations

The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.

These include:

  • Strategy and Innovation
  • Service Experience
  • Conflict Resolution
  • Product Impact
  • Negotiation and Contract

Still need assistance?

We're here to help you with understanding our reports and the data inside to help you make decisions.

Latest Research

Panorays Enhances Its Cyber Risk Ratings Product With New Dark Web Monitoring Features
January 14, 2020

Dark web monitoring for supply chain risk is becoming a mandatory feature for cyber risk ratings providers. Panorays’ latest press release shows that it is catching up to the big players.

Author: Kevin Peuhkurinen (Info-Tech)

NormShield Now Allows You to Quantify Supply Chain Risk in Dollars. But Is That a Good Thing?
January 09, 2020

Normshield recently announced that it has licensed the FAIR model to allow customers to quantify supply chain security risk in terms of financial impacts. It is innovative, but is it useful?

Author: Kevin Peuhkurinen (Info-Tech)

BitSight Says Cyber Risk Ratings Are a Good Measure of Internal Risk – Is It Right?
October 04, 2019

BitSight Enterprise Analytics looks to increase the value proposition of using cyber risk ratings for internal risk management, but are they barking up the wrong tree? If you assume that cyber risk ratings are mostly useful for third-party risk management, you aren’t alone. BitSight is aiming to change that with its new Enterprise Analytics solution, but it may be chasing after the wrong audience.

Author: Kevin Peuhkurinen (Info-Tech)

See All Research

Cyber Risk Ratings Products

Filter by:

BitSight Technologies

BitSight for Third-Party Risk Management

BitSight for Third-Party Risk Management immediately exposes cyber risk within your supply chain, helping focus your resources, and work alongside you and your vendors to achieve significant and measurable cyber risk reduction. BitSight gives you insight into the riskiest issues impacting your vendors, backed by data that correlates to potential security incidents and context from the most engaged community of risk and security professionals.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

SecurityScorecard

Security Ratings

SecurityScorecard enables users to view and continuously monitor security ratings, easily add vendors or partner organizations, and report on the cyberhealth of their ecosystems. The platform automatically generates a recommended action plan for issue remediation in order to achieve a “target” letter grade for customers and their vendor and partner organizations. It also provides access to breach insights and shows a clear record of issues that have impacted scores over time. Additional collaboration tools help enterprises better manage cyber security and ensure continuous compliance with regulatory standards and frameworks.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

iTrust Holdings Inc.

iTrust

iTrust provides cybersecurity risk ratings and risk intelligence to help businesses build trusted relationships with their vendors, partners, and suppliers. iTrust collects and analyzes third-party risk metrics using machine learning to deliver 360° vendor security and compliance visibility. iTrust is designed to be the world’s most intelligent cyber risk rating and threat intelligence platform.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

Fair Isaac International Corporation

FICO Cyber Risk Score

The FICO® Cyber Risk Score is an empirical score that relies on a comprehensive and diverse set of cyber security data signals, collected at Internet scale, to determine the risk profile of any organization. These signals reflect key risk indicators including the health and hygiene of IT systems, network infrastructure and software and services. These current and historical data signal behaviors are compared to past behaviors of organizations that have, and have not, suffered a material data breach.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

Normshield

NormShield Cyber Risk Scorecards

Knowing your Cyber Risk Score gives you the information necessary to protect your business from cyberattacks and increases your awareness of third-party risks. NormShield Cyber Risk Scorecards allow you to monitor your own cyber risks as well as the cyber hygiene of your entire vendor ecosystem. With easy-to-understand letter-grade scores, you will have a clear view of your security posture, understand how you compare against your competitors and know your status on relevant compliance standards and regulations.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

Panorays

Panorays

Panorays automates third party security management. The platform enables companies to easily view, manage and engage on the security posture of their third-parties, vendors, suppliers, and business partners. With the Panorays platform, companies dramatically shorten their third-party security evaluation process and gain continuous visibility while ensuring compliance to regulations such as GDPR and NY DFS. Panorays is a SaaS-based platform, no installation needed.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

Prevalent

Prevalent Vendor Risk Assessment

Vendor Risk Assessments to Ensure Compliance and Reduce Security Exposures. Delivered as part of the industry’s only purpose-built, unified platform for third-party risk management, the cloud-based Prevalent Vendor Assessment Service helps IT security, privacy, and risk management professionals determine vendor compliance with IT security and data privacy requirements to reduce vendor risk.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

RiskRecon

RiskRecon

RiskRecon provides a SaaS platform that helps organizations more effectively manage the risk reality of increasingly interconnected IT ecosystems by delivering frequent, comprehensive and actionable security performance measurements. Using proprietary data gathering techniques, RiskRecon creates a 360-degree risk profile of an enterprise's public IT footprint. Based on that footprint and a detailed analysis, a RiskRecon rating and report is generated providing detailed, actionable information with context. No additional analysis is required.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

UpGuard, Inc

UpGuard VendorRisk

Control third-party risk and improve your security posture. Monitor and rate your vendor security performance. Automate your security questionnaires.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

Corax Cyber Security Inc.

Corax

Corax is the leading and largest source of cyber exposure data and predicted loss costs of breach and network outage events. Corax’s rich data foundation is created through expert selection, ingestion and analysis of third party datasets, including threat intelligence, internet performance data and loss data, and using proprietary automated discovery tools that identify detailed characteristics of the technology and security environment of individual companies and their interconnections with other companies.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

Guidewire Software

Cyence Risk Analytics

Guidewire has developed a scenario designed to estimate the origin of losses due to a mass business interruption following a ransomware event. This advancement in our latest risk model—version 4—expands the parameters of risk evaluation to enable a more comprehensive view of cyber risk exposure. Insurers can improve their portfolio exposure management, set appropriate limits, and gain the confidence to adapt and succeed in the rapidly evolving world of cyber risk.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

CYRATING

CYRATING

CYRATING helps forward-thinking organisations to maximize their cybersecurity performance and investments. We identify potential for improvement, benchmark it against industry best practices and provide standardized cybersecurity metrics. Our tech platform combined with our analysts’ insights provide a solid foundation and a common language for both CEOs and cybersecurity executives.

--

Composite Score

--

CX Score

--

Emotional Footprint

--

Likeliness to Recommend

0

Reviews

All Research

Panorays Enhances Its Cyber Risk Ratings Product With New Dark Web Monitoring Features
January 14, 2020

Dark web monitoring for supply chain risk is becoming a mandatory feature for cyber risk ratings providers. Panorays’ latest press release shows that it is catching up to the big players.

Author: Kevin Peuhkurinen (Info-Tech)

NormShield Now Allows You to Quantify Supply Chain Risk in Dollars. But Is That a Good Thing?
January 09, 2020

Normshield recently announced that it has licensed the FAIR model to allow customers to quantify supply chain security risk in terms of financial impacts. It is innovative, but is it useful?

Author: Kevin Peuhkurinen (Info-Tech)

BitSight Says Cyber Risk Ratings Are a Good Measure of Internal Risk – Is It Right?
October 04, 2019

BitSight Enterprise Analytics looks to increase the value proposition of using cyber risk ratings for internal risk management, but are they barking up the wrong tree? If you assume that cyber risk ratings are mostly useful for third-party risk management, you aren’t alone. BitSight is aiming to change that with its new Enterprise Analytics solution, but it may be chasing after the wrong audience.

Author: Kevin Peuhkurinen (Info-Tech)

Panorays Gifts Its Customers a Mixed Blessing in Access to Shared Assessments Program Questionnaire
October 04, 2019

Panorays has announced a partnership with Shared Assessments to provide Panorays customers with access to the Standard Information Standard (SIG) questionnaire. This is an innovative offering but may prove to be a mixed blessing.

Author: Kevin Peuhkurinen (Info-Tech)

SecurityScorecard Admits That Third Party Risk Management Is Hard and Announces Professional Advisory Services
March 29, 2019

SecurityScorecard has announced the availability of new professional advisory services to help customers consume its vendor cyber risk rating product. In doing so, it is tacitly admitting that risk ratings are not the easy solution they’ve been hyped to be.

Author: Kevin Peuhkurinen (Info-Tech)

RiskRecon and RSA Announce Partnership to Bring Cyber Risk Ratings to Archer GRC Customers
March 11, 2019

​RiskRecon and RSA have announced a partnership to bring RiskRecon’s third-party risk rating services to RSA’s Archer Governance, Risk and Compliance (GRC) system. This should be a welcome move for Archer customers.

Author: Kevin Peuhkurinen (Info-Tech)

BitSight Announces New Cyber Risk Score Benchmarking Service
March 04, 2019

BitSight, one of the leaders in cyber risk rating, has announced a new product to allow organizations to benchmark against their peers. Dubbed “Peer Analytics,” this service will interest companies where benchmarking is a compliance obligation.

Author: Kevin Peuhkurinen (Info-Tech)

SecurityScorecard Launches Project Escher to Aid Non-Profits With Vendor Risk Management
February 26, 2019

SecurityScorecard, a leader in vendor cyber risk rating, has announced an initiative to help non-profit organizations with third-party risk management. Named Project Escher, this initiative demonstrates SecurityScorecard’s commitment to the non-profit sector.

Author: Kevin Peuhkurinen (Info-Tech)