RiskRecon is a leading provider of cybersecurity risk ratings. Organizations throughout the world use RiskRecon’s ratings to better understand and act on their cyber risk across a wide range of contexts and use cases. In February 2024, RiskRecon is releasing an update to its cybersecurity risk rating model. The model is founded on RiskRecon’s unique ability to automatically assess cybersecurity risk performance based on the dimensions of the prevalence and severity of issues and the value at risk in the systems in which the issues exist.

Enterprises operate in a complex digital ecosystem that interconnects with a wide range of customers, vendors, and partners through which data is shared and transactions are processed. Managed well, the ecosystem is a safe platform on which the organization achieves its objectives while protecting its assets, meeting its legal and regulatory obligations, and protecting its reputation.

Cybersecurity ratings provide essential insights into the health of digital ecosystems, enabling better understanding and action on the risks that organizations face. Third-party risk teams use cybersecurity ratings to make better vendor selection decisions and to hold existing vendors accountable for managing cybersecurity risks well. M&A teams use ratings to assess acquisition targets for latent cybersecurity liabilities. Internal security analysts use them to gain a holistic understanding of their internet risk surface and related exposures. And CISOs and boards use ratings to benchmark their cybersecurity performance against peers and competitors.

The RiskRecon cybersecurity ratings platform enables people to confidently make risk decisions rapidly, providing ratings that assess real-world cybersecurity risk management quality. It is founded on RiskRecon’s unique ability to automatically risk prioritize issues based on issue severity and the value at risk of the system in which each issue exists. This yields a risk-responsive model that provides you useful ratings and actionable insights that pinpoint risk in your ecosystem.

We have released a new white paper that details RiskRecon’s new rating model, explaining the rating math, the rating methodology, and the rating scale. To help frame the update, this paper provides insight into the performance rating distributions for several industries and some example third-party risk portfolios. A section is also dedicated to explaining updates to the RiskRecon user interface necessitated by the new rating model.

Download the White Paper