CyberRisk Rating Key Visual

CyberRisk Rating

Cyber risks have long evolved into a ubiquitous threat, as alarming statistics of cyberattacks in Austria in 2023 show – marking an increase of 201% compared to the previous year.  Particularly, supply chains harbour risks, prompting the EU GDPR and the EU-NIS Directive to require all organisations to establish professional cyber risk management for service providers, suppliers, and third parties.

In this fast-paced digital era, it is crucial to act proactively to shield against potential cyber risks. The CyberRisk Rating by KSV1870 provides an essential solution to transparently expose and mitigate cyber risks amidst these challenges.

Identify digital risks in supply chains

Meeting NIS2 requirements quickly and cost-effectively

According to the executive Austrian NIS authority (BMI), the CyberRisk Rating by KSV1870 fulfils the requirements of the EU-NIS Act for supplier risks.
(§ 11 para. 1 Z 2 iVm Annex 1 NISV)

The CyberRisk Rating by KSV1870 provides a standardized process to meet these requirements and prove your security. The transparent assessment of cyber risks in global supply chains enables targeted risk reduction.

  • For IT suppliers worldwide
  • Swift, straightforward implementation
  • Most cost-effective solution on the market

What does KSV1870 offer?

  • CyberRisk Manager: The platform for CyberRisk Management of all suppliers worldwide for more than 4000 companies in Austria directly impacted by NIS2 
  • CyberRisk Rating: The proof of security for suppliers of these more than 4000 companies in Austria

Make your move before October 17


The current NIS Directive will be replaced by the NIS2 Directive on October 18, 2024.

Therefore, seize the opportunity to provide your customers with the necessary proof of security through the CyberRisk Rating by no later than October 17, 2024.

Start today, as improvements in cybersecurity often take months to implement.

Order here
CyberRisk Manager

For critical infrastructure

The CyberRisk Rating by KSV1870 provides a standardized process to meet requirements of the NIS Law and GDPR for suppliers in critical infrastructure.

  • One process for all: The CyberRisk Manager provides NIS-compliant Third-Party CyberRisk Management. It enables your organization to fulfil the NIS and GDPR requirements for suppliers. 
  • Transparent assessment: The clear and transparent assessment process gives you a comprehensive overview of the cyber risks in your supply chain. 
  • Efficient and time-saving: Efficiently tailored for all suppliers, our process optimizes time and resources without compromising quality and security.

More Information


Related Topics

Checklisten-Hologramm auf geöffnetem Laptop

CyberRisk Report

EU NIS2 Directive: one in three companies affected

Business partners in the “critical infrastructure” have to provide proof of their cybersecurity measures from October 18, 2024. Failure to do so could result in the end of business relationships. KSV1870 provides support with preparation and proof. (German only)

Data Center Chief Technology Officer Holding Laptop, Standing In Warehouse, Information Digitalization Lines Streaming Through Servers.

Blog Post

Keep track of all suppliers with the CyberRisk Manager

It's THE platform for efficient cyber risk management of suppliers according to NIS. Read here how you can access existing information about your suppliers or directly commission CyberRisk Ratings. (German only)

Was kann das CyberRisk Rating?

Blog Post

What can the CyberRisk Rating by KSV1870 do?

Easily fulfil essential requirements of the NIS Act for supplier risks in three steps with the CyberRisk Rating. Find out how in this post. (German only)

Rated companies

For suppliers

The CyberRisk Rating for suppliers shows your customers that your company has the risks associated with digital transformation well under control, whether you are a small, medium, or large enterprise. Through a brief assessment, we offer you a simple and efficient evaluation concerning IT security, business continuity management, and GDPR compliance.

  • Digital control: Only 25 practical requirements determine your cyber risk assessment. 
  • Adapted to Austrian requirements: The rating is continuously adapted to requirements of Austrian regulatory authorities. 
  • Security and Trust: Only the rating is shared with your customers, allowing you to maintain control over your sensitive information. Strengthen your customers' trust in your digital security.

More Information

Related Topics

Weiße Steinchen mit Cybersicherheit-relevanten Icons auf blauen Hintergrund

Blog Post

Cybersecurity: Are you NIS-2-ready?

From October 2024, many companies will have to prove that their IT systems are "safe". Read this article to find out more (German only).



New EU Cybersecurity Directive - Is my company affected by NIS2?

We invite you to join us in facing the challenges of NIS2.  

When? 05.03.2024, 14:00-15:00

(German only)

Multi-stage process

How does a CyberRisk Rating work?

The CyberRisk Rating is based on a multi-stage process that includes the WebRisk Indicator and a validated self-assessment. While the Indicator evaluates publicly visible IT security risks and supplier web compliance, the CyberRisk Rating assists in assessing NIS compliance based on the KSÖ CyberRisk scheme.

The following ratings are available:

  • B-Rating: Basic cyber protection level, covering 14 requirements 
  • A-Rating: Covers all 25 KSÖ requirements 
  • "A+"-Rating: Additionally provides a report from an audit partner

Security made in Austria

KSÖ Cyber­Risk scheme

The Austrian Standard CyberRisk scheme was developed by the Competence Centre for a Safe & Secure Austria (KSÖ) in collaboration with security professionals from industry, the public administration, and critical infrastructure. We base our rating on this CyberRisk scheme to provide you with security made in Austria. 


Questions about the CyberRisk Rating

Most Austrian companies are affected by NIS2 at least indirectly, as one or more of their customers are subject to NIS2.

Over 4,000 companies in Austria are directly affected by NIS2. If only one of these companies is your customer, the CyberRisk Rating will provide you with proof of cyber security.

You will find a more detailed list here (German only).

The new cybersecurity directive NIS2 has been in effect since January 2023 and must be implemented in Austria by 17 October 2024.

The CyberRisk Manager is a platform for implementing third-party cyber risk management (TPCRM) in accordance with NIS, NIS2, and DORA. It is where you can order CyberRisk Ratings for your suppliers. Additionally, the platform gives you access to the KSV1870 CyberRisk Rating database, where you can view all the proofs of security that have been deposited by all global suppliers in one place. Our CyberRisk Manager supports TPCRM implementation, operation, and auditing.

The CyberRisk Rating by KSV1870 serves as proof of security, especially for suppliers of NIS2 companies. Its purpose is to make cyber risks transparent and thus mitigate them.

The rating consists of two components:

  • The CyberRisk Manager: The cyber risk management platform for all suppliers worldwide, serving the more than 4,000 companies in Austria that are directly subject to NIS2.
  • The CyberRisk Rating: The proof of security for suppliers of these more than 4,000 companies in Austria.
  • The EU’s GDPR and NIS Directive require all organisations, especially operators of essential services, to implement professional cyber risk management for service providers, suppliers, and third parties.
  • The CyberRisk Rating by KSV1870 entails a standardised process that ensures compliance with these requirements. Cyber risks in global supply chains become transparent and can thus be mitigated in a targeted manner.

In order to safeguard essential societal and economic activities, the NIS2 Directive aims to enhance resilience and the response to security incidents in the EU. Affected entities are obliged to implement appropriate risk management measures for their networks and information systems and are subject to certain reporting obligations.

For further information on the Austrian NIS2 Act, please visit: