ISS ESG

CYBER RISK SCORE

Assess cyber risk across your investment portfolio. 

Get help in measuring and mitigating cyber risk through your investment portfolio with a standardized, trustworthy data-driven approach. 

Serious cyber security incidents can lead to operational, legislative, and reputational risks for investors.

The Cyber Risk Score is a data-driven rating that provides visibility into the level of cyber readiness and resilience an organization has implemented based on its ongoing actions to identify, manage, and mitigate cyber risk across its external technology networks. The comprehensive set of historical data behind the Cyber Risk Score is enriched with details of known breach events to create a predictive score that forecasts the risk of future breach events. 

Benefit from a concise, empirical, and proactive metric that seeks to convey how well a company manages and maintains its cyber security posture, powered by a machine learning model trained to identify the potential for a breach event over the next 12 months.

USE THE CYBER RISK SCORE TO HELP:

Investors Icon

Identify and manage cyber risk across your investment portfolio  

icon-2

Proactively engage with companies to mitigate risks correlated to a breach 

icon-4

Make informed
investment decisions
 

icon-5

Cross-reference companies with greater risks in customer data protections 

Access Actionable Insights

Delivered through ISS ESG’s proprietary DataDesk platform and data feeds investors can easily ingest cyber risk score data into their own internal processes. Clients can further leverage DataDesk functionality to screen their investment universe for cyber risk exposure and assess the cyber resilience of their portfolio holdings. 

CYBER RISK SCORE
Ranges from the riskiest score of 300 to the least risky score of 850.
FIRMOGRAPHIC MAX
Reflects the organization’s maximum achievable Cyber Risk Score, considering inherent industry and organizational factors including sector classification and employee count.
TOP 3 REASON CODES
Provides a description of the three most relevant risk signals per company. These broadly capture five types of risk indicators: botnet activity, software misconfigurations, misconfigured infrastructure, website misconfigurations, and demographic elements.

Distinct Methodology for Assessing Cyber Risk

The Cyber Risk Score is generated from data findings collected from cyber assets identified as being either owned or operated by the company or any of the company’s majority-owned subsidiaries.  

 

The overall cyber risk performance of a company is represented as a single, concise score on a scale from 300 to 850. A score of 300 represents high risk; a score of 850 represents low risk. 

cyberrisk-landingpage-infog

The ISS ESG Difference

esgdifference-3

Global risk indicators that reflect companies’ cyber security risk behaviors are collected on a continuous basis. 

esgdifference-1

Historical data informs our proprietary risk model that uses machine learning to identify patterns and signatures indicative of potential breach events. 

esgdifference-2

The methodology is focused on the effectiveness of cyber security behavior rather than on temporary conditions, which makes it resilient to the ever-changing cyber threat landscape.  

Deep Dive Into the Cyber Risk Score

ISS ESG US CYBER INDEX

Identify and track companies with low or negligible cyber-related risks, based on the Cyber Risk Score.

cyber-security-risk-a-growing-threat

Cyber Security Risk: A Growing Threat

READ THE REPORT AT ISS INSIGHTS ›

ISS ESG Logo

Trust the Cyber Risk Score to help you assess and manage your cyber exposure.

Explore our ESG solutions

CONNECT WITH US

Start typing and press Enter to search