FICO improves cybersecurity scoring model

Source: FICO

Silicon Valley analytics firm FICO today announced that the latest version of its FICO Enterprise Security Score is twice as accurate at predicting a data breach as the previous model, and more than four times as powerful as the best results claimed by competing solutions.

The FICO Enterprise Security Score gives subscribers the ability to assess the forward-looking cyber breach risk of their organisation and their partners, and improves breach insurance underwriting.

Additionally, integration of industry-standard firmographic data and reference identifiers enables quicker and more assured identification of subject organisations and provides additional insight for key supply chain management tasks. FICO has incorporated this information into the product’s user interface, and has enabled streamlined entity identification by common firmographic reference identifiers.

“Accurate prediction of cyber breach in the next 12 months is the goal of the model,” said Doug Clare, FICO’s vice president for cyber security solutions. “The model powering the FICO Enterprise Security Score now has a dynamic range of more than 24X, which means that the lowest scoring organisations have a breach risk 24 times higher than those with the highest scores. Our experience with AI and machine learning led directly to this huge improvement in performance.”

The power of the FICO® Enterprise Security Score has a strong appeal for insurers dealing in cybersecurity risk.

“We selected the FICO Enterprise Security Score because of its empirical approach to scoring risk,” said Josh Ladeau, senior vice president of cybersecurity at London-based Aspen Insurance, one of the world’s top cybersecurity insurance underwriters. “The FICO cyber score presents the most accurate externally derived assessment of organisational security posture that I’ve seen, and when combined with the underwriting data we collect, will help us to shape a cyber insurance portfolio of the highest possible quality.”

FICO uses machine learning techniques to associate features describing the conditional and behavioural characteristics of organisations’ security practices with outcome data (breaches and non-breaches). The result is a high-performing supervised model that quantifies the likelihood of a significant breach event happening over a 12-month period. Because FICO collects data continuously against the entire IP address space, the training data set is always ready to absorb new breach cases, and the scoring engine is always ready to take time-dependent organisational behaviour into account in calculating the risk of breach.

“The addition of the firmographic data, including common reference identifiers, helps the score’s users understand the scope, scale, location and nature of the organisations they evaluate,” said Clare. “Understanding these characteristics helps the user categorise their vendors and business partners, and allows for a better understanding of supply chain risk exposure.”

The new scoring algorithm, integration of firmographic data and related enhancements in the user interface are now in production and in use by FICO’s subscribers.
