January 11, 2024
Similar to how a credit score influences financial decisions, cybersecurity scores are pivotal in assessing the security and integrity of businesses, offering valuable insights for boards, investors, and third-party risk management. Despite their significance, there is room to improve the accuracy and correctness of the algorithms used for these ratings. Today, USTelecom | The Broadband Association released a report on Improving the Quantitative Cybersecurity Ratings Assigned to Telecommunications Firms by Commercial Vendors.
Authors Robert Mayer, USTelecom’s senior vice president of cybersecurity and innovation, and Dr. Edward Amoroso, chief executive officer of TAG Infosphere and Research Professor at NYU Center, outlined why the rating process should incorporate customized risk models tailored to the unique characteristics of a telecommunications firm’s threat landscape and specific business use cases.
“Cybersecurity ratings provide important insights on a company’s risk posture, but if the methodologies for determining these ratings are flawed, it can lead to inaccuracies and misrepresentations of their security capabilities and cause a variety of reputational and economic harms,” said Robert Mayer. “The report gives a detailed and current overview of the problems still present in the ratings and suggests practical and immediate solutions to tackle these issues.”
The report encourages the exploration of alternative approaches for “asset discovery” and focuses on enhancing the validity and accuracy of security ratings, thereby improving the overall utility of the products offered by these companies. Additionally, the report highlights the importance of proactive and collaborative engagement between rating firms and their clients to enhance rating accuracy. By actively working with telecommunications providers, rating firms can experience continuous improvement in the dynamic cyber ecosystem.