

With the CyberRisk Rating by KSV1870, you meet essential requirements of the NIS Directive for supplier risks and the GDPR.
One Process for All
Third-party risk management compliant with the NIS Directive & GDPR.
Understandable & transparent
Easily understandable, transparent evaluation based on the established system of KSV1870.
Security made in AT
Based on the Cyber Risk Scheme of the Kompetenzzentrum Sicheres Österreich.

The CyberRisk Ratings by KSV1870

The rating assesses cyber risks of service providers, suppliers, and third parties. Behind it lies a standardized, multi-stage process in which the so-called WebRisk Indicator and a validated self-assessment - the CyberRisk Rating - play important roles.

Process of the CyberRisk Rating from the Client's Perspective

[Graphic: process of the CyberRisk Rating]

WebRisk Indicator & CyberRisk Ratings in Detail


The WebRisk Indicator assesses publicly visible IT security risks and the compliance of the web presence of up to thousands of suppliers, and it is already integrated into the credit reports of KSV1870. However, a secure website does not necessarily mean that the company is also well-protected within its internal network. Nevertheless, an inadequately secured website suggests that IT security has not been fully implemented. Once your suppliers are registered in the CyberRisk Manager, the WebRisk Indicator (C-Score) becomes quickly available for all of them.

A good B-Rating indicates a solid baseline cybersecurity level, achieved by fulfilling the 14 requirements of the B-Part in the Cyber Risk Scheme of KSÖ. These requirements represent fundamental measures that can also be implemented by small and individual businesses.
An A-Rating implies the evaluation of all 25 requirements of the KSÖ Cyber Risk Schema, including the 11 requirements of the A-Part, which are often associated with higher costs. This rating is therefore particularly suitable for companies with an increased security need.
For "A+", an audit partner additionally creates a report about the assessed organization, further increasing reliability.
All Benefits at a Glance

Officially Recognized

The requirements of the KSÖ Cyber Risk Schema were defined by leading cyber risk managers from all sectors of critical infrastructure, as well as representatives of renowned Austrian companies. Therefore, the rating is suitable for every industry and economic sector. According to the Austrian operational NIS authority (BMI), it fulfills the requirements of the NIS Directive for supplier risks.

25 Requirements

The CyberRisk Rating is based on 25 practical requirements that are easy for you to answer. The assessment takes one working day and consists of two parts: For each requirement of the Cyber Risk Schema, you must indicate whether the requirement is fulfilled (Yes/No). If Yes, you must describe, for each question, how the requirement is met and what evidence can be provided if necessary.

Quickly Done

Once a CyberRisk Rating is commissioned for your company (by you or your business partner), you will receive an email with an invitation link to the online assessment. It consists of those 25 questions that are to be answered with Yes or No. As mentioned earlier, each Yes response must be justified. After you have completed your assessment, your answers will be professionally reviewed, any questions clarified, and the rating calculated.

Transparent and Secure

The requirements presented in the CyberRisk Rating are publicly accessible at all times. This allows you to familiarize yourself with them before starting the assessment. Only the rating is shared with your customers. You retain control over your data because your answers are deleted from the system two weeks after the completion of the rating.

Internationally Deployable

With the Cyber Risk Schema of the KSÖ, individual ratings can be created for any suppliers worldwide. The rating process as well as the requirements are available in both German and English to cover all your suppliers worldwide in the assessment.

Always Up-To-Date

The requirements of the CyberRisk Rating are maintained and optimized annually by the Cyber Risk Advisory Board to ensure an up-to-date security standard. This ensures continuous adaptation to regulatory requirements. For this reason, the rating is valid for one year at a time.

Ahead of the Competition

Be proactive and showcase your rating to potential customers. This demonstrates that you are a secure business partner and operate in compliance with NIS regulations. In case IT security evidence is required from you during tender processes following the EU-wide implementation of NIS2 from October 2024, you are already prepared and stand out positively from the crowd.
The Austrian standard based on the EU NIS Directive: Since the beginning of 2020, the Kompetenzzentrum Sicheres Österreich (KSÖ) together with security experts from industry, administration and critical infrastructure has developed a standard for evaluating cyber risks. This standard is based on the requirements of the EU Directive 2016/1148 ("NIS"), which aims to achieve a higher level of security for networks and information systems throughout the EU.

Information Materials


If you cannot find an answer to your question here, please do not hesitate to contact our team. We are available by phone at +43 (0) 732 / 860 626 and via email.
