
For critical infrastructure & enterprise

The CyberRisk Rating by KSV1870 offers you a unified system to meet the requirements of the EU-NIS Act and the GDPR for suppliers.

ONE process for all

Third-Party Risk Management according to EU-NIS Act & GDPR

Simple & Transparent

Easy-to-understand, transparent valuation according to the established system of KSV1870

Security made in AT

Based on the Cyber Risk Scheme of the Kompetenzzentrum Sicheres Österreich

The CyberRisk Rating

CyberRisk Rating by KSV1870 uses three basic processes to evaluate global supplier bases:

1. the assessment of public IT security data for all suppliers of your organisation,

2. the validated CyberRisk Rating Assessment according to the KSÖ Cyber Risk Scheme based on direct information from suppliers, and if required:

3. audits of the CyberRisk Assessments by third party auditors.


The Rating processes in detail


Once your suppliers have been listed in the CyberRisk Manager, the WebRisk Indicator (C-Score) is available for all of them at short notice.


The WebRisk Indicator serves as an initial assessment of cyber risks and automatically evaluates publicly accessible IT information.

You can now choose which rating you would like to request for your suppliers. The selected suppliers receive an invitation link to the assessment by e-mail. After completion, the assessment is professionally validated and a CyberRisk Rating is calculated, which also includes the C-Score.

To obtain an A+ rating, you can commission audits by qualified bodies for desired suppliers. The auditor checks the completed assessment of the respective company for evidence and proof listed in the scheme.

Governance of the Rating

The requirements of the Cyber Risk scheme were defined by leading cyber risk managers from all sectors of critical infrastructure, as well as representatives of well-known Austrian companies - the rating is therefore suitable for every industry and every sector of the economy.

The publicly and freely accessible scheme is continuously maintained by the Cyber Risk Advisory Board in order to be able to react quickly to new requirements from practice or the executive NIS authority (BMI).


The CyberRisk Rating at a glance

Understandable & transparent

The rating, based on the established system of KSV1870, is immediately understandable and transparent. If you have any uncertainties, we are of course there for you! 

One process for all suppliers

With the CyberRisk Rating by KSV1870, the evaluation of your suppliers with regard to IT security, business continuity management and GDPR compliance becomes simple and efficient.

Security made in Austria

The requirements, based on the Cyber Risk Scheme of the Kompetenzzentrum Sicheres Österreich, were developed by Austrian specialists.

Compatible with EU-NIS & GDPR

Always on the safe side: The CyberRisk Rating by KSV1870 is compatible with the requirements of the EU-NIS Act and GDPR.

Available in two languages

The rating process as well as the requirements are available in German and English to cover all your globally distributed suppliers in the rating process.

Always up to date

The requirements of the CyberRisk Rating are regularly maintained and optimised by the Cyber Risk Advisory Board to ensure that the security standard is always up-to-date. 

Any questions?


If your question is not answered here, please do not hesitate to contact our team.
We are available by phone (+43 (0) 732 / 860 626) and e-mail.
