USCoC: Cyber Risk Assessment for U.S. Businesses Holding Steady for Q1


The assessment is based on scoring over 2,000 U.S. companies using the FICO Cyber Risk Score.

The U.S. Chamber of Commerce, in partnership with FICO, has released its latest Assessment of Business Cyber Risk (ABC) report. The ABC uses the FICO Cyber Risk Score to measure cybersecurity risks in the business community and to improve cybersecurity awareness.

The ABC offers the revenue-weighted average of the FICO Cyber Risk Score for close to 2,400 U.S. small, medium and large companies. It calculates the probability of a data breach within the next 12 months. It’s similar to credit scores, with a range of 300-850. The higher the score, the lower the risk of a breach, based on five years of data.

The current level in Q1 2019 has held steady, with a national risk score of 687. Small firms have improved their scores from 737 to 740; large firms fell from 646 to 643.

“When we launched the ABC in October 2018, it was a wake-up call to many businesses across the country,” said Christopher D. Roberti, SVP for Cyber, Intelligence, and Security Policy at the U.S. Chamber of Commerce. “Our focus this quarter is to help businesses understand how to improve their cyber posture. It is important to emphasize that a lower score—whether for a company or a sector—does not necessarily imply that insufficient diligence is being applied by those entities. Such entities may simply have a higher risk profile (i.e., they face greater risk of breach) due to the nature of their businesses.”

Reducing Cyber Risk

The Chamber of Commerce offered six tips for reducing cyber risk:

  1. Use the National Institute of Standards and Technology (NIST) Cybersecurity Framework to develop an information security program. The framework enables organizations—regardless of their size, risk profile, or cyber sophistication—to create a cybersecurity plan or improve an existing one.
  2. Develop a reliable understanding of one’s network by identifying assets to apply security management based on risk.
  3. Identify functions and teams whose process and policy maturity are not performing adequately. This approach enables organizations to identify weak links in technology, personnel, policy, and leadership.
  4. Oversee an organization’s network team to confirm alignment to the details of network management policies. Avoid unnecessarily exposing network infrastructure assets and ensure correct configuration for those that must be exposed.
  5. Protect and monitor network endpoints. Organizations that monitor endpoints are able to provide an early warning of potential problems.
  6. Develop a process to confirm that the business/company has implemented active certificate management programs.

For more information, visit

Sue Walsh

About Sue Walsh

Sue Walsh is News Writer for RTInsights, and a freelance writer and social media manager living in New York City. Her specialties include tech, security and e-commerce. You can follow her on Twitter at @girlfridaygeek.
