TheCorporateCounsel.net

As Meredith recently noted in The Proxy Season Blog, ISS recently announced an “updated and enhanced” version of its Cyber Risk Score. The announcement notes that the new version of the Cyber Risk Score “takes advantage of a richer collection of cyber incident exemplar data” so that “organizations that score 300 are 32 times more likely to suffer a significant breach incident over the subsequent twelve-month period than organizations scoring 850.” The announcement highlights these newly added metrics:

A newly added Cyber Risk Decile metric provides further insight into relative risk, as measured by the score, in the context of industry-relevant peer groupings. Additionally, new Component Scores describe the relative impact of underlying technical measurements on the ISS Cyber Risk Score for any given firm across five different categories of risk exposure, including Internet Presence, Infrastructure, Software Services, Endpoint Security, and Website Construction. … The score is packaged with other details and explanatory tools that help users interpret and action the score for multiple use-cases, including investment portfolio risk assessment, investment stewardship, and issuer engagement.

The Cyber Risk Score appears in ISS Benchmark Research and Voting reports of the S&P 600 and Russell 3000.

– Dave Lynn