The concept of ratings has been the accepted standard for making investment decisions. The first commercial credit reporting agency, the Mercantile Agency, was founded in 1841. While this relied on largely subjective methods of evaluation, it wasn’t until the 1960s, when credit reporting became computerized, that the industry consolidated and took off. Since then, credit and financial ratings models have progressed to become objective and trustworthy data points that inform lending decisions.

Governor Kathy Hochul recently unveiled New York’s first-ever state-wide cybersecurity strategy, intended to protect the state’s digital systems and infrastructure from the ever-growing presence of cyber threats.

Today, electricity is so ubiquitous that it’s difficult to perform even basic tasks without it. But when electricity was first introduced, it took decades for broad acceptance and adoption because it was misunderstood and misused. Slowly, the benefits began to outweigh the cons. As with any innovation, there are setbacks, but electricity has overwhelmingly been a force for good. The same can be said about cybersecurity risk ratings. Are they perfect? No.

2023 is a year of “digital forest fires.” The MOVEit and the Barracuda Networks’ email supply chain attacks underscore the massive butterfly effect a single software flaw can have on the threat landscape. Supply chain attacks spread like a forest fire. Once cybercriminals compromise widely used software, attackers gain access to potentially all organizations that use that software.