CyberRisk Rating
Cyber risks have long since become a ubiquitous threat: statistics on cyberattacks in Austria in 2023 show an increase of 201% compared to the previous year. Supply chains in particular harbour risks, prompting the EU GDPR and the EU-NIS Directive to require all organisations to establish professional cyber risk management for service providers, suppliers, and third parties.
In this fast-paced digital era, it is crucial to act proactively to shield against potential cyber risks. The CyberRisk Rating by KSV1870 provides an essential solution to transparently expose and mitigate cyber risks amidst these challenges.
Meeting NIS2 requirements quickly and cost-effectively
According to the executive Austrian NIS authority (BMI), the CyberRisk Rating by KSV1870 fulfils the requirements of the EU-NIS Act for supplier risks (§ 11 para. 1 no. 2 in conjunction with Annex 1 NISV).
The CyberRisk Rating by KSV1870 provides a standardized process to meet these requirements and prove your security. The transparent assessment of cyber risks in global supply chains enables targeted risk reduction.
- For IT suppliers worldwide
- Swift, straightforward implementation
- Most cost-effective solution on the market
What does KSV1870 offer?
- CyberRisk Manager: The platform for CyberRisk Management of all suppliers worldwide for more than 4,000 companies in Austria directly impacted by NIS2
- CyberRisk Rating: The proof of security for suppliers of these more than 4,000 companies in Austria
For critical infrastructure
The CyberRisk Rating by KSV1870 provides a standardized process to meet requirements of the NIS Law and GDPR for suppliers in critical infrastructure.
- One process for all: The CyberRisk Manager provides NIS-compliant Third-Party CyberRisk Management. It enables your organization to fulfil the NIS and GDPR requirements for suppliers.
- Transparent assessment: The clear and transparent assessment process gives you a comprehensive overview of the cyber risks in your supply chain.
- Efficient and time-saving: Efficiently tailored for all suppliers, our process optimizes time and resources without compromising quality and security.
For suppliers
The CyberRisk Rating for suppliers shows your customers that your company has the risks associated with digital transformation well under control, whether you are a small, medium, or large enterprise. Through a brief assessment, we offer you a simple and efficient evaluation concerning IT security, business continuity management, and GDPR compliance.
- Digital control: Only 25 practical requirements determine your cyber risk assessment.
- Adapted to Austrian requirements: The rating is continuously adapted to requirements of Austrian regulatory authorities.
- Security and Trust: Only the rating is shared with your customers, allowing you to maintain control over your sensitive information. Strengthen your customers' trust in your digital security.
How does a CyberRisk Rating work?
The CyberRisk Rating is based on a multi-stage process that includes the WebRisk Indicator and a validated self-assessment. While the Indicator evaluates publicly visible IT security risks and supplier web compliance, the CyberRisk Rating assists in assessing NIS compliance based on the KSÖ CyberRisk scheme.
The following ratings are available:
- B-Rating: Basic cyber protection level, covering 14 requirements
- A-Rating: Covers all 25 KSÖ requirements
- "A+"-Rating: Additionally provides a report from an audit partner
KSÖ CyberRisk scheme
The Austrian Standard CyberRisk scheme was developed by the Competence Centre for a Safe & Secure Austria (KSÖ) in collaboration with security professionals from industry, the public administration, and critical infrastructure. We base our rating on this CyberRisk scheme to provide you with security made in Austria.
Questions about the CyberRisk Rating
In order to safeguard essential societal and economic activities, the NIS2 Directive aims to enhance resilience and the response to security incidents in the EU. Affected entities are obliged to implement appropriate risk management measures for their networks and information systems and are subject to certain reporting obligations.
For further information on the Austrian NIS2 Act, please visit:
- https://www.nis.gv.at/ (German only)
- https://www.wko.at/it-sicherheit/sicherheit-lieferkette-nis2 (German only)
- https://it-safe.at (German only)
Most Austrian companies are affected by NIS2 at least indirectly, as one or more of their customers are subject to NIS2.
Over 4,000 companies in Austria are directly affected by NIS2. If only one of these companies is your customer, the CyberRisk Rating will provide you with proof of cyber security.
You will find a more detailed list here (German only).
The new cybersecurity directive NIS2 has been in effect since January 2023 and is expected to be implemented in Austria by March 2025.
The CyberRisk Manager is a platform for implementing third-party cyber risk management (TPCRM) in accordance with NIS, NIS2, and DORA. It is where you can order CyberRisk Ratings for your suppliers. Additionally, the platform gives you access to the KSV1870 CyberRisk Rating database, where you can view all the proofs of security that have been deposited by all global suppliers in one place. Our CyberRisk Manager supports TPCRM implementation, operation, and auditing.
The CyberRisk Rating by KSV1870 serves as proof of security, especially for suppliers of NIS2 companies. Its purpose is to make cyber risks transparent and thus mitigate them.
The rating consists of two components:
- The CyberRisk Manager: The cyber risk management platform for all suppliers worldwide, serving the more than 4,000 companies in Austria that are directly subject to NIS2.
- The CyberRisk Rating: The proof of security for suppliers of these more than 4,000 companies in Austria.
- The EU’s GDPR and NIS Directive require all organisations, especially operators of essential services, to implement professional cyber risk management for service providers, suppliers, and third parties.
- The CyberRisk Rating by KSV1870 entails a standardised process that ensures compliance with these requirements. Cyber risks in global supply chains become transparent and can thus be mitigated in a targeted manner.