Silicon Valley analytics firm FICO today announced impressive results for its FICO® Enterprise Security Score, which assesses the forward-looking cybersecurity risk of trusted third parties and business partners. The company’s research shows that its score is twice as accurate as competing scores in terms of forecasting the likelihood that a company will suffer material data loss from a breach.
“The goal of any predictive model in this category is to maximise the separation of good and bad outcomes in the specified performance period,” said Scott Zoldi, FICO’s chief analytics officer and the primary architect of FICO’s security analytics. “A key effectiveness measurement of a predictive model is its dynamic range – the difference in outcome odds between the highest and lowest scores produced by the model. The models powering FICO Enterprise Security Score have a dynamic range of more than 11X, meaning the odds of a major breach are 11 times greater for the lowest-scoring organisations than for the highest-scoring organisations. This separation is more than twice as large as other scores in the market that have published results.”
The FICO Enterprise Security Score helps enterprises vet the security risk of potential partners and monitor ongoing risk across an entire portfolio of existing partnerships. The results reflect the long-term stability of partners’ security practices, the effectiveness of security policies, and the condition of network assets. The scores are delivered with robust capabilities for ongoing management and benchmarking, including the ability to organise entities into portfolios, create peer groupings, and generate and route alerts for changing conditions or behaviours.
“An institution’s liability for a data breach now extends throughout its entire supply chain,” said Doug Clare, FICO vice president for cybersecurity solutions. “As a result, organisations are responsible for security risks introduced by their business partners’ networks – risks that are beyond the immediate control of their respective IT departments. With enterprises often interfacing with hundreds or even thousands of vendors and business partners, the aggregate risk exposure is significant.”
Unlike other solutions in the market, the FICO® Enterprise Security Score is empirically derived, utilising proven analytics best practices gleaned from 60 years as the premier provider of predictive scores, such as the market-leading FICO® Score for consumer credit risk. For the Enterprise Security Score, FICO data scientists explore a deep pool of historical data and security breach exemplars to determine mathematical, causal relationships between network conditions, organisational behaviours, and negative outcomes.
FICO’s algorithm is built around an objective outcome that is forward-looking, geared to measure the risk of a major breach in the next 12 months, rather than simply assess current security posture. The score is delivered with reason codes, which allow scored organisations to quickly remediate the weakest parts of their infrastructure and actively work to improve their scores over time.