“Rather than fearing or ignoring cyber attacks, do ensure your cyber resilience to them.”
― Stephane Nappo
How the CARR rating system works
What does this mean for your business?
Each score is developed based on how many standard deviations an organisation is- better or worse - than the average number of risk findings for an organisation of the same size.This enables fair comparisons of an organiaation’s cybersecurity hygiene, helping to improve accuracy, transparency, and fairness to the security rating process.
Why CARR?
- Proactively explore and discover your cyber security maturity.
- Benchmark your organisation cyber maturity against your peers.
- Identify cyber security gaps and have a pre-built remediation plan.
- Develop a strategy for improving your cyber resilience without the need or huge additional costs.
- Create a data driven narrative to prioritise cyber investments.
- Provide visibility and share key reports with key internal and external stakeholders.
How CARR works
Risk mitigation is an essential part of good governance, so CARR provides cyber transparency and cyber risk management for our clients, CARR essentially:
- Shows the good, bad and ugly through transparency
- Produces evidence through information
- Provides confidence that the cyber programs are being managedWith a simple numerical grade scale, CARRs ratings are proven to effectively highlight cybersecurity vulnerabilities and help prevent data breaches.
For example, organizations with an 400 score are 12.2 times more likely to experience a significant cyber incident than those with an 800 score*.
*Likelihood of a cyber incident is based on Security in Depth State of Cyber Security 2021 and Verizon 2021 data breach investigations.
