FICO has acquired start-up QuadMetrics and plans to leverage its "predictive analytics and security-risk assessment tools to develop an industry-wide 'enterprise security score' for businesses", according to the Wall Street Journal. A single score could be used both internally, to assess a company's risk, and externally, to measure the risk of its vendors.
Of course, a score is one thing. Insights into the source of risks and how to prevent them are the real value. Getting pointed in the right direction is a good start.
“Just as the FICO Score gave credit markets a single metric for understanding credit risk, this product will give the industry a common view of enterprise security risk,” Doug Clare, FICO’s vice president of cybersecurity solutions, said in a statement.
The article doesn't touch on the mechanics of the score or how dynamic it is. The QuadMetrics score collects over 250 data points. If there's a change in one of the data points, especially a dramatic one, how will that be reflected in the score and how quickly will the company be notified? And if a vendor is providing the score to its customers, what is the vendor's responsibility to notify those customers on a timely basis?
As with other scores, it's just a start. Building a complete decision solution is another matter.