Can you predict which companies, B Corps, social enterprises or public sector departments will suffer major cyber attacks? Some say you can, here’s the word;
ISS ESG, the responsible investment arm of Institutional Shareholder Services Inc. (ISS), today announced the launch of the ISS ESG Cyber Risk Score, which supports investors by signaling the relative likelihood of a portfolio company suffering a material cybersecurity incident within the next 12 months, based on its external security posture.
Lorraine Kelly, ISS’ Global Head of Investment Stewardship Solutions, said: “With experts predicting potential cybercrime-related losses of US$8 trillion globally in 2023, the timely launch of ISS ESG’s Cyber Risk Score enables investors to identify and help manage cyber risk across their investment portfolios, and to proactively engage with companies to understand cyber breach risks.”
The new Cyber Risk Score is a concise, empirical, and proactive metric that seeks to convey how well a company manages and maintains its network security. The score assesses organizational cyber risk oversight and management through an array of IP and domain based data collections, as well as firmographic information that includes company size and the industry in which the firm operates. The new solution supports investors in several innovative ways, with use-cases ranging from cyber resilience assessments to supporting company engagement through to helping to inform investment decisions and portfolio insights.
The new Cyber Risk Score is a differentiated offering in the market, providing a proactive approach to identifying and managing cyber risks. The Cyber Risk analytics team regularly collects global risk indicators that reflect a company’s cyber security risk behaviors, incorporating elements indicative of organizational security posture on endpoints, software services, and infrastructure configuration. These are combined with historical data to inform ISS’ proprietary risk model that uses machine learning to identify patterns and signatures indicative of potential breach events. It is focused on the effectiveness of cyber security behavior rather than on temporary conditions, and is therefore resilient to the ever-changing cyber threat landscape.
Coverage of this new solution is immediately available for S&P 400, S&P 500, and S&P 600 companies while broader Russell 3,000 curation will be completed in Q1, 2023. The full dataset can be accessed via ISS’ proprietary platform, DataDesk.
The Cyber Risk Score will also be added to ISS’ Benchmark Governance Research and Voting reports for S&P 500 companies, in time for the upcoming 2023 proxy season. The score will be included for informational purposes only and will not impact ISS’ policy application or voting recommendations.
Be the first to comment