Skip to main content
close search
site logo

Banks, Companies Partner on Cyber-Ratings Principles

Published June 21, 2017
By William Sprouse

Big U.S. banks and corporations are partnering to establish principles for setting cybersecurity ratings, according to the U.S. Chamber of Commerce.

The companies say having agreed-upon principles for the ratings will allow them to better understand the ratings and to challenge then if necessary, according to a report from Reuters. The security ratings, which serve as the cyber equivalent of a credit score, can be used by large corporations to assess how vulnerable their potential partners are to cyberattack. Insurers use the scores to assess liability.

Forty-four companies attached their names to the statement from the Chamber, which endorses principles of transparency, accuracy, model governance, independent, and confidentiality. Among the financial institutions that signed up were Citigroup, Goldman Sachs, JPMorgan Chase, Morgan Stanley, and Wells Fargo. Blackstone, Microsoft, and Lockheed Martin were also signatories.

In a statement, Ann Beauchesne, the Chamber’s senior vice president of national security and emergency preparedness, said a common understanding of how cyber-ratings were derived was fundamental to building trust. “To maximize their utility, both consumers of security ratings and rated companies need to have confidence that ratings are based on actionable, relevant information evaluated through a clear, articulable algorithm or data-driven process,” she wrote.

Startup cyber-ratings companies including BitSight Technologies, RiskRecon, and SecurityScorecard have attracted venture capital funding while drawing criticism from companies who complain their ratings methods remain opaque.

“The challenge is that [startups’] methodologies are proprietary and there hasn’t been transparency on how they go about creating the ratings,” Rohan Amin, JPMorgan’s global chief information security officer, told Reuters.

In their statement of principles, the companies said the common, industrywide approach should include a coordinated process for adjudicating errors in reported content. “Rated organizations shall have the right to challenge their rating and provide corrected or clarifying data,” the companies said.

They also said that any rated organization should be allowed access to their individual rating and any data that causes a change in the rating.

Filed Under: Tax

Editors' picks

Company Announcements

View all | Post a press release
Wealth Inequality the Result of Pure Randomness, Tufts University Study Suggests
From Society for Industrial and Applied Mathematics
November 21, 2023

Want to share a company announcement with your peers?

Get started

Editors' picks
Latest in Tax
image/svg+xml
Industry Dive is an Informa business
© 2023 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell