The world around us is often a reflection of who we are and what we value. The same can be said for businesses. It’s no longer enough for your own organization to be resilient, trustworthy, and secure; the companies you do business with need to meet these same standards. This is why S&P Global Market Intelligence has launched Supplier Risk Indicator™, a new solution that provides a single, comprehensive risk indicator based on three risk dimensions: financial resilience, conduct, and information security.
Quantifying resilience and conduct
S&P Global Market Intelligence, a provider of information services and solutions to global markets, has a proven track record of delivering unrivaled insights and leading data and technology solutions. However, looking at resilience in a comprehensive manner means examining a company’s political, legal, taxation and operational resilience, as well as its cybersecurity posture. This includes measuring a company’s performance on and management of material ESG risks, opportunities, and impacts.
The third dimension: information security
We live in an increasingly interconnected world, where the risk of information security incidents can do just as much damage to an organization’s reputation and bottom line as a bad financial quarter. While businesses can implement robust cybersecurity measures internally, they often depend on third-party vendors, suppliers, and partners to support their operations, and that interdependency is only increasing. It’s estimated that 98% of organizations have a relationship with at least one third party that has experienced a breach in the last two years. And with a majority of data breaches stemming from the supply chain, knowing who to trust and how to measure risk has historically involved some level of uncertainty.
Reducing risk with cybersecurity ratings
With that in mind, SecurityScorecard has collaborated with S&P Global Market Intelligence to provide our market-leading cybersecurity ratings, which rate an organization’s cybersecurity posture on an easy-to-understand letter-grade scale from “A” through “F”. This score is based on hundreds of threat indicators across 10 critical cybersecurity domains, including network security, endpoint security, Domain Name System (DNS) health, potential information leaks, hacker chatter, ransomware risk, and patching cadence. Companies with an “F” rating are 13.8 times more likely to experience a data breach than those with an “A”. The goal of this collaboration is to bring together third-party risk and security assessments to operationalize supply chain risk management at scale.
High-profile cyber incidents like SolarWinds and MOVEit only underscore the importance of measuring third-party risk. And as regulators, including the Securities and Exchange Commission (SEC), begin to mandate greater transparency and accountability when it comes to cybersecurity, organizations must be able to deliver timely and accurate metrics about their cyber health and that of their vendors.
SecurityScorecard is proud to collaborate with S&P Global Market Intelligence to provide organizations with another way to evaluate their partners, quantify cyber risk, and increase trust.