Easterly proposes rating company cyber risk through firms with institutional market expertise

CISA Director Jen Easterly is proposing firms with institutional expertise should rate companies on cybersecurity risk as part of an effort to change the calculus toward making investments in security upfront.

Creating a cyber label similar to EnergyStar or using a Software Bill of Materials to boost transparency is helpful, Easterly said Thursday at the Consumer Electronics Show in Las Vegas, while proposing an alternative that is market-based.

Easterly said, “Why don’t we have institutional shareholder services rating...