Cyber Risk Scorecard: Risk Monitoring and Mitigation is Core to Modern Governance in 2021
Awakened by the magnitude of recent cyber breaches (e.g., SolarWinds, FireEye), boards, audit committees and management teams are coming to terms with the vulnerable global network on which modern business is built. It's no longer a matter of your own cybersecurity alone, but of the posture and preparedness of every supplier, every integration and every employee – it's always the weakest link. The only way to guarantee you're protected is to hunker down, retreat and recess – and, of course, that's not an option.
In 2021, security ratings will become as essential as credit ratings to understanding the risk of business relationships. With the influx of virtual work and businesses shifting to digital, company leaders need to be able to quickly identify, assess and mitigate cyber risk. Boards, in particular, are responsible for asking the right questions:
- How do our cybersecurity capabilities stack up against our competition?
- How does the board know the organization is improving its security and compliance posture?
- Does the business we’re about to acquire have cybersecurity issues that could impact the deal?
- Does the service provider we’re considering have vulnerabilities that can put our organization at risk?
- What is the risk level of our current third-party providers?
Long-winded board books no longer match the threat landscape, which is internal, external and ever evolving. Directors often describe to me this paradox: needing more information, but needing it delivered more efficiently and frequently. While the concept of “risk dashboards” has been around for a while, it may be time for boards to take a more serious look.
Introducing the New Cyber Risk Scorecard
Inspired by conversations with directors who are asking for better ways to keep a pulse on cyber risk, Diligent is launching a Cyber Risk Scorecard within its Boards application. Powered by SecurityScorecard, a global leader in cybersecurity ratings that was named a 2020 Technology Pioneer by the World Economic Forum, the new Cyber Risk Scorecard provides organizations with a data-backed cyber risk score based on 10 factors, including application security, network security, patching cadence and endpoint security.
For those wondering how it works, companies are graded with a simple A-F scale. Organizations with an F rating, for example, are 7.7 times more likely to experience a data breach than those with an A rating. Especially when part of a comprehensive risk oversight strategy, SecurityScorecard's ratings have proven to effectively highlight cybersecurity vulnerabilities and help prevent data breaches.
As boards emerge from the pandemic with new styles of oversight, they must embrace new styles of information. Ratings, graphs and color-coded flags can act as eyes and ears, driving board members to ask better questions. Those looking for more information can learn more about the Cyber Risk Scorecard here, while all Diligent users can expect access within their Boards application in February 2021.
Looking Ahead
Like many of you, I’m hopeful for a brighter 2021 and excited for the learnings that will surface as we reflect on the challenging months behind us. One thing I can assure you: the Diligent team is hard at work, anticipating scenarios and continuing to innovate so that our governance platform can help you pivot and adapt – no matter what this year brings.
For those interested in more information, learn more about our Cyber Risk Scorecard and don’t miss our upcoming webinar on The Board's Role in Driving Digital Resilience.
Marketing & Strategy Pro, Board Member, Co-Host of The Corporate Director Podcast & #GovernanceGeek
3 years ago: This integration is going to be really powerful for our customers! Great job to the teams involved.