SecurityScorecard has partnered with credit rating firm Fitch Ratings, in a move designed to provide investors with clearer insights into companies’ cybersecurity postures.
The announcement comes more than a year since the start of COVID-19 pandemic, a crisis which has led to many companies undergoing rapid digitization programs and shifting to remote working models. This has, in turn, widened the attack surface for cyber-criminals, making businesses more vulnerable to breaches.
In this landscape, cyber-risk is becoming an increasingly important consideration for investors when assessing a company’s credit risk, due to the potentially severe financial, reputational and regulatory implications of breaches.
While cyber-risk is already included in Fitch’s credit rating analysis, it will now be able to leverage SecurityScorecard’s “outside-in” scoring methodology to offer a more standardized and transparent way of assessing this area.
The partnership will initially focus on sectors where cyber-risk is particularly material, such as banks and other financial services, although there are plans to branch out into other industries in the future.
Kevin Duignan, global analytical head for Fitch Ratings, commented: “Through our collaboration with SecurityScorecard, Fitch looks to provide investors with additional insight into understanding and comparing cyber risk exposure across a broad set of institutions, beginning with banks.”
Aleksandr Yampolskiy, CEO and co-founder of SecurityScorecard said: “SecurityScorecard is thrilled to partner with Fitch Ratings to help investors of all sizes understand the true risk posture of organizations, so they can efficiently and effectively make smart investments.
“SecurityScorecard's best-in-class security scores are fast becoming a critical tool to help investors understand which organizations are at highest risk of a cybersecurity breach, which can affect investments as well as stock prices."
Fitch has already analysed 484 global banks using SecurityScorecard's scoring criteria, the results of which it has detailed in a separate report entitled Exploring Bank Cybersecurity Risk.