Cyber risk levels hold steady, though larger firms are prime targets
The level of cyber risk to the U.S. business community held steady in the first quarter of 2019—with a national “risk score” of 687, according to the Assessment of Business Cyber Risk report recently released by the U.S. Chamber of Commerce and FICO, a provider of predictive analytics software.
The FICO Cyber Risk Score measures the aggregate cyber security risk faced by U.S. businesses. The score is the revenue-weighted average for nearly 2,400 small, medium, and large companies, and calculates the probability of an organization suffering a material data breach in the next 12 months.
Similar to a FICO credit score, the range is 300 to 850. The higher the score the lower the likelihood that an organization will experience a data breach in the next 12 months. Similarly, a lower score indicates a greater risk of a successful data breach, based on five years of historic breach data.
The score analyzes billions of cyber risk indicators and uses machine learning to produce a metric for measuring cyber risk, the report said. Since the fourth quarter of 2018 small firms showed a slight improvement—up to 740 from 737—while large companies moved from 646 to 643. These changes indicated relatively stable risk performance from quarter to quarter.
“The disparity in risk scores between small and large organizations is due to the fact that large firms have a wider attack surface and are more frequently the target of cyber criminals,” said Doug Clare, vice president for cyber security solutions at FICO.