In its scoring process, Cybernance has adopted the cyberrisk resilience and risk control best practices of the National Institutes of Standards and Technology’s Cybersecurity Framework. “We’ve created software and automated packages around these best practices to examine more than 400 control points inside an organization,” Shultz said. “Using our proprietary algorithm, we’re able to gauge the adequacy of its technological defenses, procedures, policies and staff.”
This data is distilled into a score from one to 1,000, again the higher the better. Shultz said that most organizations average a score of around 350, which is actually pretty good. “To get yourself to 1,000, you would have to lock yourself in a bank vault in the mountains of Montana and not be connected to anything, while spending the entire national debt on your cybersecurity,” he said.