KKR adds cyber-risk score to its assessment of companies (Bloomberg, 11 April 2014) – How important is cybersecurity to investors? The private equity firm KKR (KKR) just provided its own answer to that, adding a cyber-risk score to its assessment of the companies in its portfolio. About a year ago, KKR officials decided they needed to find a way to understand the current state of security at the companies they were invested in, as Chief Information Office Ed Brandman tells it. That goal might sound simple, but how to get there wasn’t obvious for a diverse set of 90 companies across a range of industries and regions. KKR worked with BitSight Technologies to come up with what amounts to a credit score for cyber risk. BitSight, based in Cambridge, Mass., collects Internet traffic flowing to and from tens of thousands of companies. Its staff members analyze risky behavior, such as communications with spam networks or servers known to be controlled by hackers and cybercriminals, to come up with a score for cyber risk on a scale from 250 (worst) to 900 (best). Subscribers to the service use it to help assess the security at third parties with whom they may share sensitive data and to benchmark their own performance, says Stephen Boyer, chief technology officer at BitSight. Bitsight did the same for 70 of KKR’s private equity holdings-excluding some in the portfolio that KKR was about to sell or had just bought.

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/Stuart Miles.