Analytic software firm FICO announced today that it is developing a FICO® Enterprise Security Score, which will rank an organisation’s level of cybersecurity risk. To further this effort, FICO has acquired QuadMetrics, an innovative cyber risk security scoring company from Ann Arbor, Michigan. QuadMetrics leverages predictive analytics to monitor signals from open source and proprietary data sources to provide an overall security score for an enterprise, helping security professionals address gaps and enabling partners and insurers to understand a firm’s security risk. The transaction has closed, and terms have not been disclosed.
The FICO Enterprise Security Score, a complement to FICO® Falcon® Cybersecurity Analytics for threat detection, will be an easy-to-understand metric that will facilitate board-level risk assessment, third-party vendor management, and cyber breach insurance underwriting. Along with a score, the product will provide current threat profile characteristics and granular insights into potential security issues.
FICO Falcon Cybersecurity Analytics are based on the patented behavioural analytics that have made the FICO® Falcon® Fraud Platform the world leader in payment card protection. With this acquisition and the infusion of FICO’s analytic scoring methods, FICO will provide both cybersecurity defences and an enterprise-level “cyber score” that gives an empirical, impartial measure of a company’s security.
The new product will leverage both quantitative and qualitative insights to assess and understand the risk of an organisation’s network assets. It will also help organisations manage similar risks associated with key vendors, business partners and other third parties, and enable breach insurance brokers and underwriters to better and more consistently assess enterprise risk for underwriting and portfolio management.
“We believe cybersecurity can only be substantially and sustainably improved through creating a strong ecosystem, and a vital part of that ecosystem is a common rating that all parties can use to evaluate cyber risk,” said Doug Clare, vice president of cybersecurity solutions at FICO. “We’re excited to have the QuadMetrics team – and their deep expertise – joining us in our efforts to fight cybercrime and help all organisations improve their visibility and insights into cyber risk. Just as the FICO Score gave credit markets a single metric for understanding credit risk, this product will give the industry a common view of enterprise cybersecurity risk.”
“While all organisations are leveraging both sophisticated software and expert guidance to protect themselves from cyber-attacks, it is increasingly important that other dependent parties have a common means of assessing the effectiveness of those efforts,” said Wes Huffstutter, CEO of QuadMetrics. “Clients, partners, underwriters and regulators have a stake in understanding an organisation’s level of cyber risk. FICO’s Enterprise Security Scores will provide the transparency, consistency and confidence required to strengthen the entire security ecosystem.”
QuadMetrics leverages technology developed at the University of Michigan via funding from the Department of Homeland Security Science and Technology Directorate and the National Science Foundation. In April of this year, Gartner designated QuadMetrics a Cool Vendor in Risk Management for 2016.1 In acquiring QuadMetrics, FICO becomes the exclusive licensee of QuadMetrics’ intellectual property and pending patents, and gains access to a rich historical pool of development data for additional analytics research. FICO will enhance the solution with its deep catalogue of proprietary analytics methods and its experience in developing, marketing and distributing broad-based scores for managing different classes of risks across industries. A FICO-branded and enhanced version of the QuadMetrics offering will be launched later this summer.
In related news, FICO announced in April that it had partnered with iboss Cybersecurity to embed its ground-breaking AI-based Cyber Analytics as part of the iboss node-based, direct-to-cloud, containerised platform, a leading solution for cybersecurity and malware protection.