Today, Panorays announced its release of the Cyber Risk Rating, a combined “bottom-line” rating of all of the cyber data available about a supplier on Panorays, including the Cyber Posture Rating, Smart Questionnaire Rating and business impact. Unique to Panorays, the Cyber Risk Rating enables security professionals to make quick decisions about their suppliers’ security.
To shed some light on what this all means, we reached out to Giora Omer, Chief Architect at Panorays, to explain.
The Cyber Risk Rating combines data from the supplier’s responses to Panorays’ Smart Questionnaire with the Cyber Posture Rating—an external assessment that is based on over 100 security tests, typically from thousands of assets.
The Cyber Risk Rating has five levels:
These levels serve as critical thresholds to make business decisions. The Cyber Risk Rating is highly influenced by the evaluator-supplier relationship. The same supplier can have a different Cyber Risk Rating for different evaluators based on context. The rating can also be affected by periodic events such as critical findings and breach news.
When a security team assesses a supplier, they often must sift through a tremendous amount of data, which doesn’t necessarily give them actionable information. Critical findings, for example, can get lost in the Cyber Posture Rating, because it’s a weighted average of numerous tests and findings. This hinders the team’s ability to make fast decisions about, for example, whether to work with a supplier or not.
The Cyber Risk Rating is designed to address this problem. It takes into account temporal factors like critical findings to provide an updated status as of right now, rather than general security hygiene, which is also important. Essentially, it cuts to the chase, providing a rapid overview of a supplier’s security based on the organization’s particular standards and the context of the business relationship.
The Cyber Risk Rating is also unique because it is customizable. The organization determines which rating is acceptable, and how to configure their risk policy.
Security professionals can use the Cyber Risk Rating as follows:
By using the Panorays risk rating model, customers can benefit from:
1. An overview of a supplier’s internal policy security, as reflected through the customized Smart Questionnaire.
2. A “hacker view” of the supplier’s digital perimeter, as reflected through the Cyber Posture Rating.
3. A unique “bottom line” Cyber Risk Rating that combines the two ratings above with context and business relationship. This enables rapid and clear-cut decision making about working with a supplier.