Team8, Moody’s Developing New Framework to Measure Cyber Risk
Team8, an Israeli cyber group that is part think tank, part startup incubator and part venture capital investor, and rating agency Moody’s are developing a framework to measure companies’ defenses and preparedness for cyberattacks.
Risk measurement and mitigation tools are increasingly popular with MSPs and MSSPs. Key options include NIST’s Cybersecurity Framework, which many managed IT service providers are leveraging to measure and mitigate their own risks before extending and applying the framework to end-customers.
Team8 and Moody’s are tackling the framework opportunity in a slightly different way. The new teammates have formed a joint venture based in New York and Israel that will launch with about a dozen employees. They’ll be selling a risk assessment tool and associated services they believe could become the global benchmark for organizations gauging vulnerability to hackers. The partners figure that the five-year old Team8’s cybersecurity expertise — its founders are former leaders of an Israeli technology and intelligence defense force — along with Moody’s research, tools and analysis skills, will give legitimacy to and propel the initiative.
Companies engaging in mergers and acquisitions or those purchasing cyber insurance policies will be the venture’s primary customers, said Derek Vadala, chief executive of the joint venture, who most recently served as head of Moody’s cyber risk group.
First Customers, Key Partners
M&A could be a hot target market — considering cybersecurity’s impact on M&A due diligence, according to recent Forescout research.
The new company expects it will have beta customers signed on in a year with the plan to ultimately engage thousands of organizations. “Companies doing business with each other are spending more and more resources on understanding what is the risk associated with doing business with third parties and fourth parties,” Nadav Zafrir, Team8 CEO, said. “We believe that not only is that already slowing down the economy, but that we are going to see this slant continuing to deteriorate.”
Team8 is backed financially by Moody’s and other major companies such as Microsoft, Airbus and Qualcomm. Moody’s, along with Standard & Poor’s and Fitch Group, is considered one of the Big Three credit rating agencies. In practice, the company ranks the creditworthiness of borrowers using a standardized ratings scale.
Cyber Insurance Prospects: Another Target Market
In addition to M&A customers, the new venture may find a particularly receptive audience with companies looking to purchase cyber insurance. Such policies are becoming a key component of an organization’s cybersecurity and IT risk management strategy, according to the Federal Financial Institutions Examination Council (FFIEC). To determine the optimal cyber coverage, an organization must identify, measure, mitigate and monitor its potential cyber risk exposure and plan accordingly, the Council said. FFIEC recommended organizations analyze their existing cybersecurity and IT risk management programs before they purchase cyber insurance. That’s where the Team8/Moody’s benchmark could come into play. Considering that cyber premiums have grown at 23 percent annually over the last five year and are expected to be worth some $4 billion by 2021, the tools and services produced by the new venture could gain rapid acceptance.
Total spending on information security products and services is expected to reach $124 billion in 2019, according to researcher Gartner, up from the $114 billion spent last year.
Additional insights from Joe Panettieri.