Cygienic Risk Rating System

...Powered by Cygienic vCISO

Trusted & Reliable Cybersecurity Risk Ratings From Cygienic. 

 

 

Cybersecurity Risk Assessments

Cybersecurity risk assessments are a collection of algorithmic and automated assessments that evaluate the security posture of an organization. They provide a quantitative measurement of a company's cybersecurity risk, similar to a credit rating, and can be used by stakeholders such as customers, investors, and insurers to assess an organization's overall risk profile.

Cybersecurity risk assessments are based on a range of factors, including the organization's cybersecurity controls, financial impacts, vendor risks, compliance and policies, as well as its vulnerability management and cyber hygiene practices. Indicators are becoming increasingly important in the current landscape of frequent cyber-attacks and data breaches, as they can help organizations better understand and manage their risk exposure, and provide a benchmark for comparison with peers in their industry.

 

Cygienic vCISO Risk Assessments 

The Cygienic vCISO assesses four key cybersecurity risk areas:   

  • Attack Surface Management (ASM): Cyber assessment of the internet-facing attack surface
  • Financial Risk Quantification: Data breach and cyber-attack impact cost analysis
  • Compliance Risk Management: Regulatory and compliance assessments
  • Third-Party Risk Management (TPRM): Third-party vendor risk management and assessments

Our cybersecurity risk ratings are a reliable and trustworthy source of information for assessing the risk profile of a business. All our ratings are aligned with industry security standards, including the *U.S. Chamber of Commerce - Principles For Fair And Accurate Security Ratings, the *National Institute of Standards and Technology - NIST NVD CVE, and the *Common Vulnerability Scoring System - CVSS V3.0.

By aligning with these established standards, our risk ratings provide a more accurate and objective assessment of your company's security profile. 

Comparable to Rating Agencies & Market Leaders    

Our risk ratings, in terms of accuracy and comprehensiveness, are comparable to those of industry rating agencies and market cybersecurity leaders.

 

Cygienic vCISO Attack Surface Management (ASM)

Security Checkpoints      No. of Probes    Total Points    Total Weight
Email Security            6                25              11%
Webpage Security          11               36              15%
Data Privacy              8                32              14%
Systems Compromised       5                40              17%
System Vulnerabilities    8                59              26%
Network Open Ports        16               38              17%

Total: 55 Probes, Max Score 230 = [A+]

 

Cygienic vCISO (ASM) Severity Scores 

Severity Score    Severity Rating
0.1 – 3.9         Low
4.0 – 6.9         Medium
7.0 – 8.9         High
9.0 – 10.0        Critical

 

 

Cygienic vCISO Indicators Grades

Cygienic Grading    % Score
A+                  total points between 93-100%
A                   total points between 85-92%
B+                  total points between 79-84%
B                   total points between 73-78%
C+                  total points between 62-72%
C                   total points between 55-61%
D+                  total points between 47-54%
D                   total points between 40-46%
E                   total points between 00-39%

 

 

*U.S. Chamber of Commerce - Principles For Fair And Accurate Security Ratings

As security ratings continue to mature, more organizations in the public and private sectors leverage them in making business and risk decisions. As a key piece of a robust security evaluation program, security ratings based on accurate and relevant information are useful tools in evaluating cyber risk and facilitating collaborative, risk-based conversations between organizations. Security rating companies use a combination of data points collected or purchased from public and private sources and proprietary algorithms to articulate an organization’s security effectiveness into a quantifiable measure or score. As these ratings rely in part upon the quality and breadth of the data they use, the variety of sources and the dynamic nature of the environment create risks of producing ratings that can potentially be inaccurate, irrelevant or incomplete.

To increase confidence in security ratings, an industry-wide, common approach should:

  • Promote quality and accuracy in the production of security ratings
  • Promote fairness in reporting
  • Include a coordinated process for adjudicating errors or inaccuracies in reported content
  • Establish guidelines for appropriate use and disclosure of the scores and ratings

We believe these principles will promote fairness in reporting and enhance the value of security ratings across all industries.

*https://www.uschamber.com/security/cybersecurity/principles-for-fair-and-accurate-security-ratings

**https://www.cvedetails.com/cvss-score-distribution.php

***https://nvd.nist.gov/vuln-metrics/cvss

 

To arrange a demonstration of our Cygienic vCISO, please reach out to sales@cygienic.com. For direct purchase of a Cygienic vCISO subscription, visit cygienic.com/pricing.

 
