The CyberRisk Rating Models

The rating assesses cyber risks of service providers, suppliers, and third parties. Behind it lies a standardized, multi-stage process in which the so-called WebRisk Indicator and a validated self-assessment - the CyberRisk Rating - play important roles.
graphic rating models

Process of the CyberRisk Rating
for Assessed Companies

The CyberRisk Rating by KSV1870 is completed for assessed companies in 3 steps.
icon fill out assessment
Fill Out the Assessment
icon correct unclear answers
Correct Unclear Answers
icon choose a- or b-rating
Choose an A- or B-Rating
screenshot fill out assessment
The assessment consists of two parts: Part B with 14 questions covering basic security measures, and Part A with 11 questions addressing an advanced level of security. The requirements queried can be viewed in the KSÖ schema at any time. For each requirement of the Cyber Risk Scheme, it must be indicated whether it is fulfilled (Yes/No). In case of a positive response, organizations must provide a description of how the requirement is implemented in the company and what evidence can be presented if necessary.
screenshot correct unclear answers
If a validator deems one or more of your responses unclear and requests further details, you will be notified by us. Upon receiving this notification, you will have the opportunity to revise your answers once. Subsequently, your assessment will be resent to the validator and evaluated conclusively.
screenshot choose rating
In the final step, you select the CyberRisk Rating for your company - either A or B rating. You will be provided with a recommendation to assist you in this decision. Once you have chosen the desired rating, the process is completed for you. Your CyberRisk Rating will now remain valid for one year.

The Base for Every CyberRisk Rating:
The Cyber Risk Scheme of the Kompetenzzentrum Sicheres Österreich

The Austrian standard based on the EU NIS Directive: Since the beginning of 2020, the Kompetenzzentrum Sicheres Österreich (KSÖ) together with security experts from industry, administration and critical infrastructure has developed a standard for evaluating cyber risks. This standard is based on the requirements of the EU Directive 2016/1148 ("NIS"), which aims to achieve a higher level of security for networks and information systems throughout the EU.
icon arrow
Go to Scheme

Cyber Trust Austria Label –
The Seal of Cybersecurity Excellence

With a top rating, you have the opportunity to apply for a Seal of Cybersecurity, the Cyber Trust Austria Label.
icon arrow
More Details

Information Materials
for Assessed Companies

icon video

Short Videos:
CyberRisk Snacks

Explaining the requirements of Part B in 1-4 minute videos.
icon blog

Blog Post:
What Can the CyberRisk Rating Do?

Quickly and easily demonstrate your cybersecurity, become NIS-compliant, and convince business partners.

FAQs

If you cannot find an answer to your question here, please do not hesitate to contact our team. We are available by phone at +43 (0) 732 / 860 626 and via email.
Who can customers contact?
What benefit does this provide for the customers?
What is the cost of the CyberRisk Rating by KSV1870?
Where can the CyberRisk Rating be used?
Does the CyberRisk Rating affect the KSV1870 rating?
How does the CyberRisk Rating process work?

In Collaboration with