They don’t predict breaches, and they don’t help people make valuable business decisions or make users any safer. Security professionals don’t like security ratings, also known as cybersecurity risk scores. Partly this is because people don’t like being criticized. But mostly it’s because security ratings don’t work, and cannot work as presently conceived and sold.
A group of insurers will base rates and terms on whether customers purchase technology that has earned a stamp of approval. It’s in the best interest of insurance companies to have their customers protected from cybersecurity losses. That, in a nutshell, is why a number of global insurers are collaborating on a rating system for