Users around the world adopt security ratings to understand the risks that their own organization faces or that their third parties may introduce. These risks include the threat of a breach. In a recent study, IBM and the Ponemon Institute found that the global average cost of a data breach in 2020 was $3.86 million. Not only can the financial impact of a breach be severe, but the trust that companies have built with their customers and partners may be lost and take years to rebuild. With the number of breaches and their financial impact continuing to rise in the current work-from-home (WFH) operating environment, organizations need an increasingly accurate picture of risk.
At SecurityScorecard we are continuously introducing enhancements that improve our security ratings so that users have the most accurate understanding of risk. One of these enhancements is analyzing our data and using machine learning (ML) to tune our risk-factor weights.
Machine learning tuned risk factors
By taking a data-driven approach, SecurityScorecard is able to strengthen the correlation between our security ratings and the relative likelihood of a data breach. This gives scores more meaningful risk insight, so that our users can make smarter business and security decisions.
After an extensive study, we found that companies with an F SecurityScorecard rating are 7.7x more likely to suffer a breach than companies with an A. This is a 37% improvement in the correlation between SecurityScorecard Ratings and the relative likelihood of a data breach compared with the original study, in which factor weights were set by subject-matter experts alone.
Machine learning trains algorithms on large datasets to discover patterns and make predictions with greater accuracy; the more data available and the higher its quality, the better the trained model. This is why SecurityScorecard's data on more than 1.5 million companies worldwide enables better training of our scoring algorithms. It also gives our users insight into important cybersecurity events and trends at scale, across a range of company sizes, industry sectors, and geographic locations.
Additionally, this analysis can surface significant predictors of risk that become visible only at big-data scale.
Now that our security ratings have been tuned with machine learning, what should users do?
- After reviewing the new breach-probability statistics, users should decide on the risk tolerance level that their organization accepts for itself and for its third parties. Risk tolerance may differ depending on the criticality of the vendor or the type of data that is shared. For example, the tolerance for a critical vendor with access to sensitive data may be low, meaning its score should not drop below a B. A non-critical vendor with no access to sensitive data may still pose a security risk, but the tolerance for that company may be higher, meaning its score should not drop below a C.
- Next, users should take advantage of the platform's capabilities to streamline workflows and alerts so that grades do not fall below their organization's risk tolerance. For example, you can add your third parties to different Portfolios to get an overview of where they stand and see how many of those third parties have a high relative breach probability. This helps your organization decide what actions to take. Additionally, creating automated workflows with Rule Builder can save time and resources by leaving the monitoring to SecurityScorecard: select a trigger, such as a grade dropping below a B for your own Scorecard or for any Portfolio, and an action, such as sending an Atlas Questionnaire.
Tuned scores give users a better understanding of where to focus and what actions to take, leading to a more secure environment.