Business cyber risks rates are holding steady for US companies, according to the US Chamber of Commerce and FICO. Here’s how to stay safe.
Improve Cybersecurity- Cybersecurity risk faced by US businesses held steady in Q1 2019, according to a recent reportfrom the US Chamber of Commerce and FICO.
The quarterly Assessment of Business Cyber (ABC) Risk, based on scoring nearly 2,400 US companies using the FICO Cyber Risk Score, was 687—unchanged quarter over quarter. The ABC indicates the probability of an organization suffering a data breach in the next year, and, like a FICO credit score, ranges from 300 to 850. The higher the score, the lower the likelihood of experiencing a breach.
For small businesses, scores dropping slightly, from 740 to 737, while large firms’ scores rose slightly, from 646 to 643.
“The disparity in risk scores between small and large organizations is due to the fact that large firms have a wider attack surface and are more frequently the target of cybercriminals,” Doug Clare, vice president for cybersecurity solutions at FICO, said in a press release.
Businesses should note that different industries carry different levels of risk, even outside of the control of individual firms, Clare said in the release. For example, unsurprisingly, banks are a high target, with more valuable data.
Tips to improve cybersecurity
Managing cybersecurity risk involves managing behavioral risks, skills gaps, and technical flaws, the report noted. The US Chamber of Commerce and FICO offered the following recommendations to help businesses stay safe:
1. Use the National Institute of Standards and Technology (NIST) Cybersecurity Frameworkto develop an information security program. The framework enables organizations—regardless of their size, risk profile, or cyber sophistication—to develop a cybersecurity plan or improve an existing one.
2. Develop a reliable understanding of one’s network. This includes identifying assets to apply security management based on risk.
3. Identify functions and teams whose process and policy maturity are not performing adequately. This will enable organizations to identify weak links in technology, personnel, policy, and leadership.
4. Oversee an organization’s network team to confirm alignment to the details of network management policies. Avoid unnecessarily exposing network infrastructure assets and ensure correct configuration for those that must be exposed.