Cybersecurity risk rating solutions are a polarizing topic for security leaders. We meet promoters and detractors in roughly equal measure in the customers that we speak to.
Positive client sentiment cites the ability to continuously monitor their third parties, and the simplicity of the quantifiable risk score is popular. Security leaders tell us it is an easy vehicle for starting a discussion about a vendor or their organization’s security posture.
Less positively, we speak to frustrated customers and third parties that find themselves dealing with inaccurate ratings that fail to depict the true picture of the organizational security posture. This does not apply to all, but we hear the following two complaints most frequently: