USCoC: Cyber Risk Assessment for U.S. Businesses Holding Steady for Q1


The assessment is based on scoring over 2,000 U.S. companies using the FICO Cyber Risk Score.

The U.S. Chamber of Commerce, in partnership with FICO, has released its latest Assessment of Business Cyber Risk (ABC) report, and the level of cyber risk in the U.S. business community is holding steady in Q1 of 2019 with a national risk score of 687.

The ABC is designed to measure the cybersecurity risk facing the U.S. business community using the FICO Cyber Risk Score and to improve cybersecurity awareness.

According to the report, small firms have been improving since Q4 2019 with their score moving from 737 to 740. Large firms moved from 646 to 643.


The ABC offers the revenue-weighted average of the FICO Cyber Risk Score for close to 2,400 small, medium and large companies across the U.S. It represents the probability of a data breach within the next 12 months. It’s similar to credit scores with a range of 300-850. The higher the score, the lower the risk of a breach, based on five years of data.

“When we launched the ABC in October 2018, it was a wake-up call to many businesses across the country,” said Christopher D. Roberti, senior vice president for cyber, intelligence, and security policy at the U.S. Chamber of Commerce. “Our focus this quarter is to help businesses understand how to improve their cyber posture. It is important to emphasize that a lower score—whether for a company or a sector—does not necessarily imply that insufficient diligence is being applied by those entities. Such entities may simply have a higher risk profile (i.e., they face greater risk of breach) due to the nature of their businesses.”

The Chamber of Commerce offered six tips for reducing cyber risk:

  1. Use the National Institute of Standards and Technology (NIST) Cybersecurity Framework to develop an information security program. The framework enables organizations—regardless of their size, risk profile, or cyber sophistication—to develop a cybersecurity plan or improve an existing one.
  2. Develop a reliable understanding of one’s network. This includes identifying assets to apply security management based on risk.
  3. Identify functions and teams whose process and policy maturity are not performing adequately. This will enable organizations to identify weak links in technology, personnel, policy, and leadership.
  4. Oversee an organization’s network team to confirm alignment to the details of network management policies. Avoid unnecessarily exposing network infrastructure assets and ensure correct configuration for those that must be exposed.
  5. Protect and monitor network endpoints. Organizations that monitor endpoints are able to provide an early warning of potential problems.
  6. Develop a process to confirm that active certificate management programs are in place and are being implemented.

For more information, visit

Sue Walsh

About Sue Walsh

Sue Walsh is News Writer for RTInsights, and a freelance writer and social media manager living in New York City. Her specialties include tech, security and e-commerce. You can follow her on Twitter at @girlfridaygeek.
