Blog of cyber
In 2016, if you asked a CISO what his day was made of, he would answer "Cloud", "Antivirus", "General Data Protection Regulation" or "connected objects". He would tell you about his fear of cyber-attacks and about his company's lack of maturity, which left it too fragile in the face of these threats.
In 2022, this same CISO has experienced the explosion of increasingly sophisticated cyber-attacks, and these days he's listening to warnings from the French National Agency for the Security of Information Systems (ANSSI) about possible attacks linked to the conflict between Ukraine and Russia. Cyber risk has become omnipresent, and is materializing in numerous security incidents.
Today, therefore, CISOs count their company's vulnerabilities and do their utmost to prevent further breaches. In recent months, however, the term "cyber rating" has come up again and again. That is because CISOs, like risk managers or private equity funds, know that there are now two kinds of companies: those that anticipate the assessment of their cybersecurity performance, and those that suffer from it.
"There are now two kinds of companies: those that anticipate the assessment of their cybersecurity performance, and those that suffer from it."
A climate of cyber confidence
Financial ratings, provided by long-established agencies such as Moody's and Standard & Poor's, and extra-financial ratings (Novethic, Vigeo Eiris, etc.) do more than just offer a grade. They foster trust between public and private, economic and financial players.
The same principle should apply to cyber rating, the rating of the cybersecurity of companies and their ecosystems that originated in the United States. In our ultra-connected world, cyber rating is like a high-definition image of a company's cybersecurity performance and maturity.
In France, while insurers, investors and companies have taken up these issues, public authorities have also taken their measure. In a report published in June 2021 on "corporate cybersecurity", senators Sébastien Meurant and Rémi Cardon propose, for example, the creation of a European cyber rating agency, using ANSSI's reference systems.
More recently, on February 24, 2022, Parliament passed a bill to impose cybersecurity certification on digital platforms from 2023. This "cyberscore" should enable users to be better informed about the protection of their online data. Clearly, these proposals are not just about cybersecurity or cyber rating. They are about building trust.