Is it fair to judge an organizations information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers? A number of nascent efforts are using just such an approach to derive security scores for companies and entire industries. FICO accidentally exposed the FICO Cyber Risk Score of energy giant ExxonMobil on Tuesday. ExxonMobil’s score of 587 puts it in the elevated risk category and somewhat below the mean score among large companies in the Energy and Utilities sector, which was 637.”]
Source: https://krebsonsecurity.com/2018/12/scanning-for-flaws-scoring-for-security/