The Forrester Wave™: Cybersecurity Risk Ratings Platforms, Q2 2024
Introducing Security Ratings for Telecommunications, Internet Service Providers, and Cloud Providers: Collaborating on enhancements with industry leaders
Telecommunications, Internet Service Providers, and Cloud Providers are some of the most critical sectors on the planet. They enable global connectivity, provide access to a wealth of information in real time, and transform business operations. As the foundation of modern communication, these industries have ushered in countless innovations and propelled society forward. One study estimates that there are 5.47 billion unique Internet users every day, which is roughly 66% of the world’s population. But they are also prime targets for nation-state attacks and other threat actor groups. And their reliance on vast networks of third-party vendors, partners, and service providers creates a need for a comprehensive cybersecurity approach tailored specifically to the sector.
A new industry standard
SecurityScorecard has taken note, which is why we’ve introduced the industry’s first Security Ratings developed exclusively for Telecommunications, Internet Service Providers, and Cloud Providers. This methodology was created in partnership with wireless providers to address industry feedback and requests for a tailored approach for their unique digital ecosystem. We know that traditional ratings approaches have been challenging for this specific industry segment. For ratings to be trusted by all, they must address unique operating conditions in different business sectors. We’re excited to announce this new ratings approach for this vital industry and hope it demonstrates our commitment to transparency and accuracy.
A transformative approach to Security Ratings
This update comes at an inflection point for the sector. A staggering 85% of the top telecom companies in the U.S., U.K., France, Italy, Denmark, and Germany experienced a third-party data breach in the past 12 months alone. This emphasizes the critical need for a metrics-driven approach to cybersecurity across the supply chain.
Security ratings have the power to restore public trust in cybersecurity. With a watchful eye on over 12 million organizations, SecurityScorecard’s impact is not just theoretical — it’s empirical. An extensive study found organizations that achieve an A rating are 13.8 times less susceptible to a breach.
Industry-specific scoring enhancements
SecurityScorecard has worked in collaboration with industry leaders to make several noteworthy enhancements to Security Ratings. The first comes in the form of an advanced scoring algorithm that dynamically accounts for the nuanced complexities of these industries. This algorithm considers the unique operational aspects of these organizations such as open DNS resolvers, ensuring an accurate assessment.
The next enhancement brings greater precision through Network Partitioning to account for the distinctive complexities of specific industries . This means that only corporate assets directly managed by telecom companies are scored, excluding customer assets. This novel algorithm ensures a more precise representation of a company’s security posture.
And to ensure greater accuracy, SecurityScorecard now uses proprietary AI models to automatically detect and categorize assets leased to third parties. Organizations can audit the digital footprint detected by SecurityScorecard and understand how various assets impact their overall score. SecurityScorecard conducts regular audits to ensure the categorization of customer assets remains accurate.
The final enhancement celebrates cybersecurity progress. SecurityScorecard wants to recognize and reward organizations for their cybersecurity progress. With that in mind, the methodology now seamlessly integrates user-contributed data, awarding achievements such as certifications, penetration testing, and cybersecurity awareness training with positive scoring. SecurityScorecard provides a secure repository for certifications such as SOC 2 and ISO 27001 in its Evidence Locker. Once documentation is verified, organizations receive evidence-based score improvements.
A collaborative effort to building trust
We seek to empower Telecommunications, Internet Service Providers, and Cloud Providers with a comprehensive assessment of their digital footprint while also ensuring the confidentiality of sensitive customer data. And as new challenges arise, we will be there to collaborate to reduce cyber risk and increase our collective cyber resilience.
SecurityScorecard is committed to working with our customers and users to reshape cybersecurity and redefine how we measure trust. And we firmly believe that security ratings are a fundamental right necessary to safeguard society and the economy.
For more information, read the white paper