Ask a room full of CISOs about cyber risk ratings (CRR) platforms and you’ll find no shortage of opinion — hot or cold, but never indifferent. Like a judges panel in a Top Chef culinary competition, customers critique missing or poorly planned components of the “dish.” And like the competing chefs, ratings vendors often struggle with editing their dish to provide a unique yet solid “plate” that both appeals and meets the challenge’s intent.
While the CRR market is over a decade old, CRR platforms traditionally lacked key ingredients to satisfy customers’ cravings. The most important one? Trust. Half-baked use cases, poorly articulated scoring recipes, and overcooked security findings made it difficult for customers to enjoy their plate.
Today, the caliber of chefs in the CRR kitchen is improving. Technical challenges with CRR platforms still exist, but vendors are rethinking the ways they deliver, investing more in technical accuracy and efficiency, and expanding their services and support to meet more relevant security and third-party risk demands. Savvy customers look for vendors that:
- Obsess over trust. We don’t mean sparkly PR campaigns…
