Date: 2017-06-20
More than two dozen U.S. companies, including
several big banks, have teamed up to establish shared principles
that would allow them to better understand their cyber security
ratings and to challenge them if necessary, the U.S. Chamber of
Commerce said on Tuesday.
Large corporations often use the ratings, the cyber
equivalent of a FICO credit score, to assess how prepared the
companies they work with are to withstand cyber attacks.
Insurers also look at the ratings when they make underwriting
decisions on cyber liability.
The group includes big banks like JPMorgan Chase & Co,
Goldman Sachs Group Inc and Morgan Stanley,
as well as non-financial companies like coffee retailer
Starbucks Corp, health insurer Aetna Inc and
home improvement chain Home Depot Inc. They are
organizing the effort through the Chamber of Commerce, a broad
trade group for corporate America.
The move comes in response to the emergence of such startups
as BitSight Technologies, RiskRecon and SecurityScorecard that
collect and analyze large swaths of data to rate companies on
cyber security.
As these startups have gained prominence and venture capital
funding, the companies they rate have complained of a lack of
transparency.
"The challenge is that their (startups') methodologies are
proprietary and there hasn’t been transparency on how they go
about creating the ratings," JPMorgan Global Chief Information
Security Officer Rohan Amin said in an interview.
The financial services industry is among the most vulnerable
to cyber crime because of the massive amount of money and
valuable data that banks, brokerages and investment firms
process each day.
Several technology companies, including Microsoft Corp
and Verizon Communications Inc, also support the
principles being developed, as do the cyber ratings firms, the
Chamber of Commerce said.
Ratings issued by those companies could help guide the
standards being set by U.S. corporations. BitSight, for example,
rates companies on a scale of 250 to 900 with a higher rating
indicating better security performance.
"For organizations to use your platform you have to
demonstrate trustworthiness and reliability," said Jake Olcott,
BitSight's vice president of strategic partnerships.