Ovum view


Cybersecurity was a key theme at the recent FICOWorld 2018, where FICO said it has used its "traditional" scoring expertise and made investments in cybersecurity scoring. At the opening keynote on the first full day of the conference, FICO CEO, Will Lansing, announced that FICO wants to be the industry standard in cybersecurity scoring, helping to quantify the cybersecurity risk of organizations. It was also revealed that, based on little more than perception, most enterprises are overconfident about their cyber-readiness.

FICO discusses applications of its enterprise security score

At the event, FICO included a cybersecurity stream for the first time in its history. As well as cybersecurity being referenced in the opening keynotes, there were sessions on quantifying and prioritizing cyber-risks, understanding your cybersecurity posture, cybercrime trends from the C-suite, cyber-risk transfer, and using deep unsupervised learning in cybersecurity.

Why would an organization best known for financial technology and products be running a cybersecurity stream? The answer lies in the FICO Enterprise Security Score, which provides organizations across the globe with a score, irrespective of industry, to assess their security risk.

A score of between 300 (high risk) and 850 (low risk) is given to organizations based on FICO’s measurement and monitoring of key security and risk indicators relating to the management of externally exposed network assets. This information is then analyzed to create a score that predicts the enterprise’s likelihood of any future breach.

Organizations can use the score to provide a barometer for security risk across the enterprise, as well as support cyber-risk insurance underwriting, and enable the assessment of partners and suppliers in terms of cyber-risk.

Research conducted jointly by Ovum and FICO and revealed at FICOWorld shows that many organizations are overconfident about their cyber-readiness, with more than three-quarters of surveyed organizations believing that they are top performers or above average. If these same organizations were to check their FICO Enterprise Security Score, many would get a rude awakening and discover that their optimism is misplaced. An independently derived score for an organization's cybersecurity risk can present a realistic view of cyber-readiness and help prioritize funding in the areas of most significant risk.



Maxine Holt, Research Director, Infrastructure Solutions
