Cybersecurity ratings are of growing value in Bermuda companies’ quest to keep their digital property safe.
That is the view of Stephen Bull, managing director of island IT firm Independent Consulting Solutions who stressed the importance of the security ratings’ reliability.
ICS is working closely with US security ratings expert BitSight to provide a range of cyber-related security risk solutions to a range of on-island companies, particularly in the insurance and financial services sector.
“Security rating companies use a combination of data points collected or purchased from public and private sources, and proprietary algorithms, to articulate an organisation’s security effectiveness into a quantifiable measure or score,” Mr Bull said.
“As these ratings rely in part upon the quality and breadth of the data they use, the variety of sources and the dynamic nature of the environment, it is vitally important that our clients are able to rely on the security ratings data they receive, and to be able to evidence and demonstrate this at audit time.”
The Petya and WannaCry ransomware attacks this year have drawn attention to the importance of cybersecurity and of how expensive breached IT defences can be for companies, in financial and reputational terms.
And just this week, PwC’s Insurance Banana Skins report showed that cyber-risk was viewed as the major concern among 49 CEOs surveyed on the island.
More than 40 companies are supportive of the principles for fair and accurate security ratings including BitSight, Goldman Sachs, Bank of America, E-trade, Aetna, Morgan Stanley and Starbucks.
They collectively agree that the common approach should:
• Promote quality and accuracy in the production of security ratings.
• Promote fairness in reporting.
• Include a co-ordinated process for adjudicating errors or inaccuracies in reported content.
• Establish guidelines for appropriate use and disclosure of the scores and ratings.
Massachusetts-based BitSight pioneered security ratings and was the first company to offer a security ratings product. ICS has been working closely with BitSight in Bermuda for more than a year.
“We are pleased to see adoption rise, as we believe the day is quickly coming when security ratings will be as critical as credit ratings and other factors considered in business partnership decisions,” said Tom Turner, president and CEO of BitSight.
“Becoming the trusted standard in security ratings doesn’t happen overnight. It requires everything from a commitment to data quality and data science, to remaining independent of influence, to applying security ratings consistently and uniformly across all companies.”